chore: apply pr comments

supabase · Nov 29, 2024 · 77d825b · 77d825b
1 parent b86a446
commit 77d825b
Show file tree

Hide file tree

Showing 13 changed files with 97 additions and 92 deletions.
diff --git a/internal/start/start.go b/internal/start/start.go
@@ -30,7 +30,6 @@ import (
 	"github.com/supabase/cli/internal/status"
 	"github.com/supabase/cli/internal/utils"
 	"github.com/supabase/cli/internal/utils/flags"
-	"github.com/supabase/cli/pkg/cast"
 	"github.com/supabase/cli/pkg/config"
 	"golang.org/x/mod/semver"
 )
@@ -610,39 +609,39 @@ EOF
 				env,
 				"GOTRUE_HOOK_MFA_VERIFICATION_ATTEMPT_ENABLED=true",
 				"GOTRUE_HOOK_MFA_VERIFICATION_ATTEMPT_URI="+utils.Config.Auth.Hook.MFAVerificationAttempt.URI,
-				"GOTRUE_HOOK_MFA_VERIFICATION_ATTEMPT_SECRETS="+cast.Val(utils.Config.Auth.Hook.MFAVerificationAttempt.Secrets, ""),
+				"GOTRUE_HOOK_MFA_VERIFICATION_ATTEMPT_SECRETS="+utils.Config.Auth.Hook.MFAVerificationAttempt.Secrets,
 			)
 		}
 		if utils.Config.Auth.Hook.PasswordVerificationAttempt.Enabled {
 			env = append(
 				env,
 				"GOTRUE_HOOK_PASSWORD_VERIFICATION_ATTEMPT_ENABLED=true",
 				"GOTRUE_HOOK_PASSWORD_VERIFICATION_ATTEMPT_URI="+utils.Config.Auth.Hook.PasswordVerificationAttempt.URI,
-				"GOTRUE_HOOK_PASSWORD_VERIFICATION_ATTEMPT_SECRETS="+cast.Val(utils.Config.Auth.Hook.PasswordVerificationAttempt.Secrets, ""),
+				"GOTRUE_HOOK_PASSWORD_VERIFICATION_ATTEMPT_SECRETS="+utils.Config.Auth.Hook.PasswordVerificationAttempt.Secrets,
 			)
 		}
 		if utils.Config.Auth.Hook.CustomAccessToken.Enabled {
 			env = append(
 				env,
 				"GOTRUE_HOOK_CUSTOM_ACCESS_TOKEN_ENABLED=true",
 				"GOTRUE_HOOK_CUSTOM_ACCESS_TOKEN_URI="+utils.Config.Auth.Hook.CustomAccessToken.URI,
-				"GOTRUE_HOOK_CUSTOM_ACCESS_TOKEN_SECRETS="+cast.Val(utils.Config.Auth.Hook.CustomAccessToken.Secrets, ""),
+				"GOTRUE_HOOK_CUSTOM_ACCESS_TOKEN_SECRETS="+utils.Config.Auth.Hook.CustomAccessToken.Secrets,
 			)
 		}
 		if utils.Config.Auth.Hook.SendSMS.Enabled {
 			env = append(
 				env,
 				"GOTRUE_HOOK_SEND_SMS_ENABLED=true",
 				"GOTRUE_HOOK_SEND_SMS_URI="+utils.Config.Auth.Hook.SendSMS.URI,
-				"GOTRUE_HOOK_SEND_SMS_SECRETS="+cast.Val(utils.Config.Auth.Hook.SendSMS.Secrets, ""),
+				"GOTRUE_HOOK_SEND_SMS_SECRETS="+utils.Config.Auth.Hook.SendSMS.Secrets,
 			)
 		}
 		if utils.Config.Auth.Hook.SendEmail.Enabled {
 			env = append(
 				env,
 				"GOTRUE_HOOK_SEND_EMAIL_ENABLED=true",
 				"GOTRUE_HOOK_SEND_EMAIL_URI="+utils.Config.Auth.Hook.SendEmail.URI,
-				"GOTRUE_HOOK_SEND_EMAIL_SECRETS="+cast.Val(utils.Config.Auth.Hook.SendEmail.Secrets, ""),
+				"GOTRUE_HOOK_SEND_EMAIL_SECRETS="+utils.Config.Auth.Hook.SendEmail.Secrets,
 			)
 		}
 

diff --git a/pkg/config/auth.go b/pkg/config/auth.go
@@ -171,9 +171,9 @@ type (
 	}
 
 	hookConfig struct {
-		Enabled bool    `toml:"enabled"`
-		URI     string  `toml:"uri"`
-		Secrets *string `toml:"secrets"`
+		Enabled bool   `toml:"enabled"`
+		URI     string `toml:"uri"`
+		Secrets string `toml:"secrets"`
 	}
 
 	sessions struct {
@@ -262,48 +262,58 @@ func (a *auth) FromRemoteAuthConfig(remoteConfig v1API.AuthConfigResponse) {
 func (h hook) toAuthConfigBody(body *v1API.UpdateAuthConfigBody) {
 	if body.HookCustomAccessTokenEnabled = &h.CustomAccessToken.Enabled; *body.HookCustomAccessTokenEnabled {
 		body.HookCustomAccessTokenUri = &h.CustomAccessToken.URI
-		body.HookCustomAccessTokenSecrets = h.CustomAccessToken.Secrets
+		if len(h.CustomAccessToken.Secrets) > 0 {
+			body.HookCustomAccessTokenSecrets = &h.CustomAccessToken.Secrets
+		}
 	}
 	if body.HookSendEmailEnabled = &h.SendEmail.Enabled; *body.HookSendEmailEnabled {
 		body.HookSendEmailUri = &h.SendEmail.URI
-		body.HookSendEmailSecrets = h.SendEmail.Secrets
+		if len(h.SendEmail.Secrets) > 0 {
+			body.HookSendEmailSecrets = &h.SendEmail.Secrets
+		}
 	}
 	if body.HookSendSmsEnabled = &h.SendSMS.Enabled; *body.HookSendSmsEnabled {
 		body.HookSendSmsUri = &h.SendSMS.URI
-		body.HookSendSmsSecrets = h.SendSMS.Secrets
+		if len(h.SendSMS.Secrets) > 0 {
+			body.HookSendSmsSecrets = &h.SendSMS.Secrets
+		}
 	}
 	// Enterprise and team only features
 	if body.HookMfaVerificationAttemptEnabled = &h.MFAVerificationAttempt.Enabled; *body.HookMfaVerificationAttemptEnabled {
 		body.HookMfaVerificationAttemptUri = &h.MFAVerificationAttempt.URI
-		body.HookMfaVerificationAttemptSecrets = h.MFAVerificationAttempt.Secrets
+		if len(h.MFAVerificationAttempt.Secrets) > 0 {
+			body.HookMfaVerificationAttemptSecrets = &h.MFAVerificationAttempt.Secrets
+		}
 	}
 	if body.HookPasswordVerificationAttemptEnabled = &h.PasswordVerificationAttempt.Enabled; *body.HookPasswordVerificationAttemptEnabled {
 		body.HookPasswordVerificationAttemptUri = &h.PasswordVerificationAttempt.URI
-		body.HookPasswordVerificationAttemptSecrets = h.PasswordVerificationAttempt.Secrets
+		if len(h.PasswordVerificationAttempt.Secrets) > 0 {
+			body.HookPasswordVerificationAttemptSecrets = &h.PasswordVerificationAttempt.Secrets
+		}
 	}
 }
 func (h *hook) fromAuthConfig(remoteConfig v1API.AuthConfigResponse) {
 	// Ignore disabled hooks because their envs are not loaded
 	if h.CustomAccessToken.Enabled {
 		h.CustomAccessToken.URI = cast.Val(remoteConfig.HookCustomAccessTokenUri, "")
 		if remoteConfig.HookCustomAccessTokenSecrets != nil {
-			h.CustomAccessToken.Secrets = cast.Ptr(hashPrefix + *remoteConfig.HookCustomAccessTokenSecrets)
+			h.CustomAccessToken.Secrets = hashPrefix + cast.Val(remoteConfig.HookCustomAccessTokenSecrets, "")
 		}
 	}
 	h.CustomAccessToken.Enabled = cast.Val(remoteConfig.HookCustomAccessTokenEnabled, false)
 
 	if h.SendEmail.Enabled {
 		h.SendEmail.URI = cast.Val(remoteConfig.HookSendEmailUri, "")
 		if remoteConfig.HookSendEmailSecrets != nil {
-			h.SendEmail.Secrets = cast.Ptr(hashPrefix + *remoteConfig.HookSendEmailSecrets)
+			h.SendEmail.Secrets = hashPrefix + cast.Val(remoteConfig.HookSendEmailSecrets, "")
 		}
 	}
 	h.SendEmail.Enabled = cast.Val(remoteConfig.HookSendEmailEnabled, false)
 
 	if h.SendSMS.Enabled {
 		h.SendSMS.URI = cast.Val(remoteConfig.HookSendSmsUri, "")
 		if remoteConfig.HookSendSmsSecrets != nil {
-			h.SendSMS.Secrets = cast.Ptr(hashPrefix + *remoteConfig.HookSendSmsSecrets)
+			h.SendSMS.Secrets = hashPrefix + cast.Val(remoteConfig.HookSendSmsSecrets, "")
 		}
 	}
 	h.SendSMS.Enabled = cast.Val(remoteConfig.HookSendSmsEnabled, false)
@@ -312,15 +322,15 @@ func (h *hook) fromAuthConfig(remoteConfig v1API.AuthConfigResponse) {
 	if h.MFAVerificationAttempt.Enabled {
 		h.MFAVerificationAttempt.URI = cast.Val(remoteConfig.HookMfaVerificationAttemptUri, "")
 		if remoteConfig.HookMfaVerificationAttemptSecrets != nil {
-			h.MFAVerificationAttempt.Secrets = cast.Ptr(hashPrefix + *remoteConfig.HookMfaVerificationAttemptSecrets)
+			h.MFAVerificationAttempt.Secrets = hashPrefix + cast.Val(remoteConfig.HookMfaVerificationAttemptSecrets, "")
 		}
 	}
 	h.MFAVerificationAttempt.Enabled = cast.Val(remoteConfig.HookMfaVerificationAttemptEnabled, false)
 
 	if h.PasswordVerificationAttempt.Enabled {
 		h.PasswordVerificationAttempt.URI = cast.Val(remoteConfig.HookPasswordVerificationAttemptUri, "")
 		if remoteConfig.HookPasswordVerificationAttemptSecrets != nil {
-			h.PasswordVerificationAttempt.Secrets = cast.Ptr(hashPrefix + *remoteConfig.HookPasswordVerificationAttemptSecrets)
+			h.PasswordVerificationAttempt.Secrets = hashPrefix + cast.Val(remoteConfig.HookPasswordVerificationAttemptSecrets, "")
 		}
 	}
 	h.PasswordVerificationAttempt.Enabled = cast.Val(remoteConfig.HookPasswordVerificationAttemptEnabled, false)
@@ -864,20 +874,20 @@ func (a *auth) HashSecrets(key string) {
 	case a.Sms.Vonage.Enabled:
 		a.Sms.Vonage.ApiSecret = hash(a.Sms.Vonage.ApiSecret)
 	}
-	if a.Hook.MFAVerificationAttempt.Enabled && a.Hook.MFAVerificationAttempt.Secrets != nil {
-		a.Hook.MFAVerificationAttempt.Secrets = cast.Ptr(hash(*a.Hook.MFAVerificationAttempt.Secrets))
+	if a.Hook.MFAVerificationAttempt.Enabled && len(a.Hook.MFAVerificationAttempt.Secrets) > 0 {
+		a.Hook.MFAVerificationAttempt.Secrets = hash(a.Hook.MFAVerificationAttempt.Secrets)
 	}
-	if a.Hook.PasswordVerificationAttempt.Enabled && a.Hook.PasswordVerificationAttempt.Secrets != nil {
-		a.Hook.PasswordVerificationAttempt.Secrets = cast.Ptr(hash(*a.Hook.PasswordVerificationAttempt.Secrets))
+	if a.Hook.PasswordVerificationAttempt.Enabled && len(a.Hook.PasswordVerificationAttempt.Secrets) > 0 {
+		a.Hook.PasswordVerificationAttempt.Secrets = hash(a.Hook.PasswordVerificationAttempt.Secrets)
 	}
-	if a.Hook.CustomAccessToken.Enabled && a.Hook.CustomAccessToken.Secrets != nil {
-		a.Hook.CustomAccessToken.Secrets = cast.Ptr(hash(*a.Hook.CustomAccessToken.Secrets))
+	if a.Hook.CustomAccessToken.Enabled && len(a.Hook.CustomAccessToken.Secrets) > 0 {
+		a.Hook.CustomAccessToken.Secrets = hash(a.Hook.CustomAccessToken.Secrets)
 	}
-	if a.Hook.SendSMS.Enabled && a.Hook.SendSMS.Secrets != nil {
-		a.Hook.SendSMS.Secrets = cast.Ptr(hash(*a.Hook.SendSMS.Secrets))
+	if a.Hook.SendSMS.Enabled && len(a.Hook.SendSMS.Secrets) > 0 {
+		a.Hook.SendSMS.Secrets = hash(a.Hook.SendSMS.Secrets)
 	}
-	if a.Hook.SendEmail.Enabled && a.Hook.SendEmail.Secrets != nil {
-		a.Hook.SendEmail.Secrets = cast.Ptr(hash(*a.Hook.SendEmail.Secrets))
+	if a.Hook.SendEmail.Enabled && len(a.Hook.SendEmail.Secrets) > 0 {
+		a.Hook.SendEmail.Secrets = hash(a.Hook.SendEmail.Secrets)
 	}
 	for name, provider := range a.External {
 		if provider.Enabled {

diff --git a/pkg/config/auth_test.go b/pkg/config/auth_test.go
@@ -24,21 +24,6 @@ func newWithDefaults() auth {
 	}
 }
 
-func defaultHttpHookConfig() hookConfig {
-	return hookConfig{
-		Enabled: true,
-		URI:     "http://example.com",
-		Secrets: cast.Ptr("test-secret"),
-	}
-}
-
-func defaultPostgresHookConfig() hookConfig {
-	return hookConfig{
-		Enabled: true,
-		URI:     "pg-functions://functionName",
-	}
-}
-
 func assertSnapshotEqual(t *testing.T, actual []byte) {
 	snapshot := filepath.Join("testdata", filepath.FromSlash(t.Name())) + ".diff"
 	expected, err := os.ReadFile(snapshot)
@@ -136,11 +121,30 @@ func TestHookDiff(t *testing.T) {
 	t.Run("local and remote enabled", func(t *testing.T) {
 		c := newWithDefaults()
 		c.Hook = hook{
-			CustomAccessToken:           defaultHttpHookConfig(),
-			SendSMS:                     defaultHttpHookConfig(),
-			SendEmail:                   defaultHttpHookConfig(),
-			MFAVerificationAttempt:      defaultHttpHookConfig(),
-			PasswordVerificationAttempt: defaultPostgresHookConfig(),
+			CustomAccessToken: hookConfig{
+				Enabled: true,
+				URI:     "http://example.com",
+				Secrets: "test-secret",
+			},
+			SendSMS: hookConfig{
+				Enabled: true,
+				URI:     "http://example.com",
+				Secrets: "test-secret",
+			},
+			SendEmail: hookConfig{
+				Enabled: true,
+				URI:     "http://example.com",
+				Secrets: "test-secret",
+			},
+			MFAVerificationAttempt: hookConfig{
+				Enabled: true,
+				URI:     "http://example.com",
+				Secrets: "test-secret",
+			},
+			PasswordVerificationAttempt: hookConfig{
+				Enabled: true,
+				URI:     "pg-functions://functionName",
+			},
 		}
 		// Run test
 		diff, err := c.DiffWithRemote("", v1API.AuthConfigResponse{
@@ -164,21 +168,6 @@ func TestHookDiff(t *testing.T) {
 		assert.NoError(t, err)
 		assert.Empty(t, string(diff))
 	})
-	t.Run("local and remote enabled pg-function custom hook", func(t *testing.T) {
-		c := newWithDefaults()
-		c.Hook = hook{
-			CustomAccessToken: defaultPostgresHookConfig(),
-		}
-		// Run test
-		diff, err := c.DiffWithRemote("", v1API.AuthConfigResponse{
-			HookCustomAccessTokenEnabled: cast.Ptr(true),
-			HookCustomAccessTokenUri:     cast.Ptr("pg-functions://functionName"),
-			HookCustomAccessTokenSecrets: nil,
-		})
-		// Check error
-		assert.NoError(t, err)
-		assert.Empty(t, string(diff))
-	})
 
 	t.Run("local enabled and disabled", func(t *testing.T) {
 		c := newWithDefaults()

diff --git a/pkg/config/config.go b/pkg/config/config.go
@@ -996,18 +996,23 @@ func (h *hookConfig) validate(hookType string) (err error) {
 		return errors.Errorf("missing required field in config: auth.hook.%s.uri", hookType)
 	} else if parsed, err := url.Parse(h.URI); err != nil {
 		return errors.Errorf("failed to parse template url: %w", err)
-	} else if !(parsed.Scheme == "http" || parsed.Scheme == "https" || parsed.Scheme == "pg-functions") {
-		return errors.Errorf("Invalid auth hook config: auth.hook.%v should be a Postgres function URI, or a HTTP or HTTPS URL", hookType)
-	} else if (parsed.Scheme == "http" || parsed.Scheme == "https") && h.Secrets == nil {
-		return errors.Errorf("Invalid HTTP config: auth.hook.%v missing required secret value for the http hook endpoint.", hookType)
-	}
-	if h.Secrets != nil {
-		if envLoadedSecret, err := maybeLoadEnv(*h.Secrets); err != nil {
-			return errors.Errorf("missing field in config: auth.hook.%s.secrets", hookType)
-		} else {
-			h.Secrets = cast.Ptr(envLoadedSecret)
+	} else {
+		switch parsed.Scheme {
+		case "http", "https":
+			if len(h.Secrets) == 0 {
+				return errors.Errorf("Invalid HTTP config: auth.hook.%v missing required secret value for the http hook endpoint.", hookType)
+			}
+		case "pg-functions":
+			// pg-functions is a valid sheme
+		default:
+			return errors.Errorf("Invalid auth hook config: auth.hook.%v should be a Postgres function URI, or a HTTP or HTTPS URL", hookType)
 		}
 	}
+	if envLoadedSecret, err := maybeLoadEnv(h.Secrets); err != nil {
+		return errors.Errorf("missing field in config: auth.hook.%s.secrets", hookType)
+	} else {
+		h.Secrets = envLoadedSecret
+	}
 	return nil
 }
 

diff --git a/pkg/config/config_test.go b/pkg/config/config_test.go
@@ -11,7 +11,6 @@ import (
 	"github.com/BurntSushi/toml"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
-	"github.com/supabase/cli/pkg/cast"
 )
 
 //go:embed testdata/config.toml
@@ -251,7 +250,7 @@ func TestValidateHookURI(t *testing.T) {
 			h := hookConfig{
 				Enabled: true,
 				URI:     tt.uri,
-				Secrets: cast.Ptr("test-secret"),
+				Secrets: "test-secret",
 			}
 			err := h.validate(tt.hookName)
 			if tt.shouldErr {
@@ -266,7 +265,7 @@ func TestValidateHookURI(t *testing.T) {
 		h := hookConfig{
 			Enabled: true,
 			URI:     "http://example.com",
-			Secrets: nil,
+			Secrets: "",
 		}
 		err := h.validate("testHook")
 		assert.Error(t, err)

diff --git a/pkg/config/testdata/TestEmailDiff/local_disabled_remote_enabled.diff b/pkg/config/testdata/TestEmailDiff/local_disabled_remote_enabled.diff
@@ -1,7 +1,7 @@
 diff remote[auth] local[auth]
 --- remote[auth]
 +++ local[auth]
-@@ -46,13 +46,13 @@
+@@ -51,13 +51,13 @@
  inactivity_timeout = "0s"
 
  [email]
@@ -22,7 +22,7 @@ diff remote[auth] local[auth]
  [email.template]
  [email.template.confirmation]
  content_path = ""
-@@ -66,13 +66,6 @@
+@@ -71,13 +71,6 @@
  content_path = ""
  [email.template.recovery]
  content_path = ""

diff --git a/pkg/config/testdata/TestEmailDiff/local_enabled_remote_disabled.diff b/pkg/config/testdata/TestEmailDiff/local_enabled_remote_disabled.diff
@@ -1,7 +1,7 @@
 diff remote[auth] local[auth]
 --- remote[auth]
 +++ local[auth]
-@@ -46,28 +46,43 @@
+@@ -51,28 +51,43 @@
  inactivity_timeout = "0s"
 
  [email]

diff --git a/pkg/config/testdata/TestExternalDiff/local_enabled_and_disabled.diff b/pkg/config/testdata/TestExternalDiff/local_enabled_and_disabled.diff
@@ -1,7 +1,7 @@
 diff remote[auth] local[auth]
 --- remote[auth]
 +++ local[auth]
-@@ -86,7 +86,7 @@
+@@ -91,7 +91,7 @@
 
  [external]
  [external.apple]
@@ -10,7 +10,7 @@ diff remote[auth] local[auth]
  client_id = "test-client-1,test-client-2"
  secret = "hash:ce62bb9bcced294fd4afe668f8ab3b50a89cf433093c526fffa3d0e46bf55252"
  url = ""
-@@ -142,7 +142,7 @@
+@@ -147,7 +147,7 @@
  redirect_uri = ""
  skip_nonce_check = false
  [external.google]

diff --git a/pkg/config/testdata/TestHookDiff/local_enabled_and_disabled.diff b/pkg/config/testdata/TestHookDiff/local_enabled_and_disabled.diff
@@ -1,22 +1,25 @@
 diff remote[auth] local[auth]
 --- remote[auth]
 +++ local[auth]
-@@ -11,15 +11,14 @@
+@@ -11,7 +11,7 @@
 
  [hook]
  [hook.mfa_verification_attempt]
 -enabled = true
 +enabled = false
  uri = ""
+ secrets = ""
  [hook.password_verification_attempt]
- enabled = false
+@@ -19,9 +19,9 @@
  uri = ""
+ secrets = ""
  [hook.custom_access_token]
 -enabled = false
 -uri = ""
 -secrets = "hash:b613679a0814d9ec772f95d778c35fc5ff1697c493715653c6c712144292c5ad"
 +enabled = true
 +uri = ""
++secrets = ""
  [hook.send_sms]
  enabled = false
  uri = ""