diff --git a/internal/start/start.go b/internal/start/start.go index d97d72f56..da619fe13 100644 --- a/internal/start/start.go +++ b/internal/start/start.go @@ -505,6 +505,7 @@ EOF fmt.Sprintf("GOTRUE_RATE_LIMIT_OTP=%v", utils.Config.Auth.RateLimit.SignInSignUps), fmt.Sprintf("GOTRUE_RATE_LIMIT_VERIFY=%v", utils.Config.Auth.RateLimit.TokenVerifications), fmt.Sprintf("GOTRUE_RATE_LIMIT_SMS_SENT=%v", utils.Config.Auth.RateLimit.SmsSent), + fmt.Sprintf("GOTRUE_RATE_LIMIT_WEB3=%v", utils.Config.Auth.RateLimit.Web3), } if utils.Config.Auth.Email.Smtp != nil && utils.Config.Auth.Email.Smtp.Enabled { @@ -669,6 +670,7 @@ EOF env = append(env, fmt.Sprintf("GOTRUE_EXTERNAL_%s_URL=%s", strings.ToUpper(name), config.Url)) } } + env = append(env, fmt.Sprintf("GOTRUE_EXTERNAL_WEB3_SOLANA_ENABLED=%v", utils.Config.Auth.Web3.Solana.Enabled)) if _, err := utils.DockerStart( ctx, diff --git a/pkg/config/auth.go b/pkg/config/auth.go index 3e0cf2364..f8c431309 100644 --- a/pkg/config/auth.go +++ b/pkg/config/auth.go @@ -92,6 +92,7 @@ type ( Email email `toml:"email"` Sms sms `toml:"sms"` External external `toml:"external"` + Web3 web3 `toml:"web3"` // Custom secrets can be injected from .env file JwtSecret Secret `toml:"jwt_secret"` @@ -117,6 +118,7 @@ type ( TokenVerifications uint `toml:"token_verifications"` EmailSent uint `toml:"email_sent"` SmsSent uint `toml:"sms_sent"` + Web3 uint `toml:"web3"` } tpaFirebase struct { @@ -265,6 +267,14 @@ type ( RedirectUri string `toml:"redirect_uri"` SkipNonceCheck bool `toml:"skip_nonce_check"` } + + solana struct { + Enabled bool `toml:"enabled"` + } + + web3 struct { + Solana solana `toml:"solana"` + } ) func (a *auth) ToUpdateAuthConfigBody() v1API.UpdateAuthConfigBody { @@ -295,6 +305,7 @@ func (a *auth) ToUpdateAuthConfigBody() v1API.UpdateAuthConfigBody { a.Email.toAuthConfigBody(&body) a.Sms.toAuthConfigBody(&body) a.External.toAuthConfigBody(&body) + a.Web3.toAuthConfigBody(&body) return body } 
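Review bot: `GOTRUE_RATE_LIMIT_WEB3` is set from `utils.Config.Auth.RateLimit.Web3` with no check on the value, so a `config.toml` written before this key existed may hand the auth container a limit of 0; `rateLimit.toAuthConfigBody` in pkg/config/auth.go sends the same value to the remote project. This diff does not show whether the template default of 30 is merged in for configs that omit the key, nor how the auth server treats 0 (rejecting every Web3 sign-in, or not throttling them at all). Please confirm the default path, and document the field where it is declared, e.g. `// Web3 is the number of Web3 logins allowed per 5 minute interval per IP address; 0 is passed through unchanged.` The env slice this line belongs to starts and ends outside the hunk.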
@@ -321,6 +332,7 @@ func (a *auth) FromRemoteAuthConfig(remoteConfig v1API.AuthConfigResponse) { a.Email.fromAuthConfig(remoteConfig) a.Sms.fromAuthConfig(remoteConfig) a.External.fromAuthConfig(remoteConfig) + a.Web3.fromAuthConfig(remoteConfig) } func (r rateLimit) toAuthConfigBody(body *v1API.UpdateAuthConfigBody) { @@ -330,6 +342,7 @@ func (r rateLimit) toAuthConfigBody(body *v1API.UpdateAuthConfigBody) { body.RateLimitVerify = nullable.NewNullableWithValue(cast.UintToInt(r.TokenVerifications)) // Email rate limit is only updated when SMTP is enabled body.RateLimitSmsSent = nullable.NewNullableWithValue(cast.UintToInt(r.SmsSent)) + body.RateLimitWeb3 = nullable.NewNullableWithValue((cast.UintToInt(r.Web3))) } func (r *rateLimit) fromAuthConfig(remoteConfig v1API.AuthConfigResponse) { @@ -339,6 +352,7 @@ func (r *rateLimit) fromAuthConfig(remoteConfig v1API.AuthConfigResponse) { r.TokenVerifications = cast.IntToUint(ValOrDefault(remoteConfig.RateLimitVerify, 0)) // Email rate limit is only updated when SMTP is enabled r.SmsSent = cast.IntToUint(ValOrDefault(remoteConfig.RateLimitSmsSent, 0)) + r.Web3 = cast.IntToUint(ValOrDefault(remoteConfig.RateLimitWeb3, 0)) } func (c captcha) toAuthConfigBody(body *v1API.UpdateAuthConfigBody) { @@ -1198,6 +1212,16 @@ func (e external) fromAuthConfig(remoteConfig v1API.AuthConfigResponse) { } } +func (w web3) toAuthConfigBody(body *v1API.UpdateAuthConfigBody) { + body.ExternalWeb3SolanaEnabled = nullable.NewNullableWithValue(w.Solana.Enabled) +} + +func (w *web3) fromAuthConfig(remoteConfig v1API.AuthConfigResponse) { + if value, err := remoteConfig.ExternalWeb3SolanaEnabled.Get(); err == nil { + w.Solana.Enabled = value + } +} + func (a *auth) DiffWithRemote(remoteConfig v1API.AuthConfigResponse) ([]byte, error) { copy := a.Clone() // Convert the config values into easily comparable remoteConfig values diff --git a/pkg/config/templates/config.toml b/pkg/config/templates/config.toml index 9f48426aa..c8aa68ad1 100644 
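Review bot: The added `body.RateLimitWeb3` line in `rateLimit.toAuthConfigBody` wraps the cast in a second pair of parentheses that the neighbouring assignments do not have, and gofmt will not strip them. Write it like the line above it: `body.RateLimitWeb3 = nullable.NewNullableWithValue(cast.UintToInt(r.Web3))`.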
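Review bot: `web3.fromAuthConfig` discards the error from `remoteConfig.ExternalWeb3SolanaEnabled.Get()` and keeps the local value, so when the remote response carries no value for this field `DiffWithRemote` will presumably report no difference for `[auth.web3.solana]` even though the remote state of a sign-in method is unknown. `rateLimit.fromAuthConfig` in the same file falls back to a fixed default with `ValOrDefault(..., 0)` instead. Either follow that pattern, `w.Solana.Enabled = ValOrDefault(remoteConfig.ExternalWeb3SolanaEnabled, false)` (assuming `ValOrDefault` accepts this field's type), or state the intent with a comment such as `// Remote value unset: keep the local setting so no spurious diff is reported`. The commit also only shifts existing fixtures; a diff test where local and remote disagree on `enabled` would pin the behaviour.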
--- a/pkg/config/templates/config.toml +++ b/pkg/config/templates/config.toml @@ -140,6 +140,8 @@ token_refresh = 150 sign_in_sign_ups = 30 # Number of OTP / Magic link verifications that can be made in a 5 minute interval per IP address. token_verifications = 30 +# Number of Web3 logins that can be made in a 5 minute interval per IP address. +web3 = 30 # Configure one of the supported captcha providers: `hcaptcha`, `turnstile`. # [auth.captcha] @@ -252,6 +254,11 @@ url = "" # If enabled, the nonce check will be skipped. Required for local sign in with Google auth. skip_nonce_check = false +# Allow Solana wallet holders to sign in to your project via the Sign in with Solana (SIWS, EIP-4361) standard. +# You can configure "web3" rate limit in the [auth.rate_limit] section and set up [auth.captcha] if self-hosting. +[auth.web3.solana] +enabled = false + # Use Firebase Auth as a third-party provider alongside Supabase Auth. [auth.third_party.firebase] enabled = false diff --git a/pkg/config/testdata/TestCaptchaDiff/local_disabled_remote_enabled.diff b/pkg/config/testdata/TestCaptchaDiff/local_disabled_remote_enabled.diff index 33e424e85..87790083c 100644 --- a/pkg/config/testdata/TestCaptchaDiff/local_disabled_remote_enabled.diff +++ b/pkg/config/testdata/TestCaptchaDiff/local_disabled_remote_enabled.diff @@ -1,8 +1,8 @@ diff remote[auth] local[auth] --- remote[auth] +++ local[auth] -@@ -22,7 +22,7 @@ - sms_sent = 0 +@@ -23,7 +23,7 @@ + web3 = 0 [captcha] -enabled = true diff --git a/pkg/config/testdata/TestCaptchaDiff/local_enabled_remote_disabled.diff b/pkg/config/testdata/TestCaptchaDiff/local_enabled_remote_disabled.diff index 9b8e0a2cc..2865d6d71 100644 --- a/pkg/config/testdata/TestCaptchaDiff/local_enabled_remote_disabled.diff +++ b/pkg/config/testdata/TestCaptchaDiff/local_enabled_remote_disabled.diff 
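Review bot: The comment above `[auth.web3.solana]` labels Sign in with Solana as "(SIWS, EIP-4361)", but EIP-4361 is the Sign-In with Ethereum specification; SIWS is modelled on it and is not itself that EIP. Users read this comment when deciding whether to enable a sign-in method, so I would reword it to `# Allow Solana wallet holders to sign in to your project via the Sign in with Solana (SIWS) standard, which is modelled on EIP-4361.` The same comment is added to pkg/config/testdata/config.toml and should change with it.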
@@ -1,8 +1,8 @@ diff remote[auth] local[auth] --- remote[auth] +++ local[auth] -@@ -22,9 +22,9 @@ - sms_sent = 0 +@@ -23,9 +23,9 @@ + web3 = 0 [captcha] -enabled = false diff --git a/pkg/config/testdata/TestEmailDiff/local_disabled_remote_enabled.diff b/pkg/config/testdata/TestEmailDiff/local_disabled_remote_enabled.diff index 9c65fd39e..42105313b 100644 --- a/pkg/config/testdata/TestEmailDiff/local_disabled_remote_enabled.diff +++ b/pkg/config/testdata/TestEmailDiff/local_disabled_remote_enabled.diff @@ -1,7 +1,7 @@ diff remote[auth] local[auth] --- remote[auth] +++ local[auth] -@@ -43,13 +43,13 @@ +@@ -44,13 +44,13 @@ inactivity_timeout = "0s" [email] diff --git a/pkg/config/testdata/TestEmailDiff/local_enabled_remote_disabled.diff b/pkg/config/testdata/TestEmailDiff/local_enabled_remote_disabled.diff index aac657d91..536c34712 100644 --- a/pkg/config/testdata/TestEmailDiff/local_enabled_remote_disabled.diff +++ b/pkg/config/testdata/TestEmailDiff/local_enabled_remote_disabled.diff @@ -1,7 +1,7 @@ diff remote[auth] local[auth] --- remote[auth] +++ local[auth] -@@ -43,36 +43,44 @@ +@@ -44,36 +44,44 @@ inactivity_timeout = "0s" [email] diff --git a/pkg/config/testdata/TestExternalDiff/local_enabled_and_disabled.diff b/pkg/config/testdata/TestExternalDiff/local_enabled_and_disabled.diff index e1c72aea2..5c885eeff 100644 --- a/pkg/config/testdata/TestExternalDiff/local_enabled_and_disabled.diff +++ b/pkg/config/testdata/TestExternalDiff/local_enabled_and_disabled.diff @@ -1,7 +1,7 @@ diff remote[auth] local[auth] --- remote[auth] +++ local[auth] -@@ -83,7 +83,7 @@ +@@ -84,7 +84,7 @@ [external] [external.apple] @@ -10,7 +10,7 @@ diff remote[auth] local[auth] client_id = "test-client-1,test-client-2" secret = "hash:ce62bb9bcced294fd4afe668f8ab3b50a89cf433093c526fffa3d0e46bf55252" url = "" -@@ -90,9 +90,9 @@ +@@ -91,9 +91,9 @@ redirect_uri = "" skip_nonce_check = false [external.azure] 
@@ -23,7 +23,7 @@ diff remote[auth] local[auth] url = "" redirect_uri = "" skip_nonce_check = false -@@ -139,7 +139,7 @@ +@@ -140,7 +140,7 @@ redirect_uri = "" skip_nonce_check = false [external.google] diff --git a/pkg/config/testdata/TestHookDiff/local_disabled_remote_enabled.diff b/pkg/config/testdata/TestHookDiff/local_disabled_remote_enabled.diff index 2f58f7348..459c58f42 100644 --- a/pkg/config/testdata/TestHookDiff/local_disabled_remote_enabled.diff +++ b/pkg/config/testdata/TestHookDiff/local_disabled_remote_enabled.diff @@ -1,7 +1,7 @@ diff remote[auth] local[auth] --- remote[auth] +++ local[auth] -@@ -23,19 +23,19 @@ +@@ -24,19 +24,19 @@ [hook] [hook.mfa_verification_attempt] diff --git a/pkg/config/testdata/TestHookDiff/local_enabled_remote_disabled.diff b/pkg/config/testdata/TestHookDiff/local_enabled_remote_disabled.diff index ca8d99e1e..6065f9d20 100644 --- a/pkg/config/testdata/TestHookDiff/local_enabled_remote_disabled.diff +++ b/pkg/config/testdata/TestHookDiff/local_enabled_remote_disabled.diff @@ -1,7 +1,7 @@ diff remote[auth] local[auth] --- remote[auth] +++ local[auth] -@@ -23,20 +23,20 @@ +@@ -24,20 +24,20 @@ [hook] [hook.mfa_verification_attempt] diff --git a/pkg/config/testdata/TestMfaDiff/local_enabled_and_disabled.diff b/pkg/config/testdata/TestMfaDiff/local_enabled_and_disabled.diff index 66918e27b..ae67613cb 100644 --- a/pkg/config/testdata/TestMfaDiff/local_enabled_and_disabled.diff +++ b/pkg/config/testdata/TestMfaDiff/local_enabled_and_disabled.diff @@ -1,7 +1,7 @@ diff remote[auth] local[auth] --- remote[auth] +++ local[auth] -@@ -24,16 +24,16 @@ +@@ -25,16 +25,16 @@ [hook] [mfa] diff --git a/pkg/config/testdata/TestRateLimitsDiff/local_and_remote_rate_limits_differ.diff b/pkg/config/testdata/TestRateLimitsDiff/local_and_remote_rate_limits_differ.diff index 04a638630..26f0fe484 100644 --- a/pkg/config/testdata/TestRateLimitsDiff/local_and_remote_rate_limits_differ.diff 
+++ b/pkg/config/testdata/TestRateLimitsDiff/local_and_remote_rate_limits_differ.diff @@ -15,6 +15,6 @@ diff remote[auth] local[auth] -sms_sent = 55 +email_sent = 25 +sms_sent = 35 + web3 = 0 [hook] - diff --git a/pkg/config/testdata/TestSmsDiff/enable_sign_up_without_provider.diff b/pkg/config/testdata/TestSmsDiff/enable_sign_up_without_provider.diff index 27c9d143d..66250c8c7 100644 --- a/pkg/config/testdata/TestSmsDiff/enable_sign_up_without_provider.diff +++ b/pkg/config/testdata/TestSmsDiff/enable_sign_up_without_provider.diff @@ -1,7 +1,7 @@ diff remote[auth] local[auth] --- remote[auth] +++ local[auth] -@@ -52,7 +52,7 @@ +@@ -53,7 +53,7 @@ otp_expiry = 0 [sms] diff --git a/pkg/config/testdata/TestSmsDiff/local_disabled_remote_enabled.diff b/pkg/config/testdata/TestSmsDiff/local_disabled_remote_enabled.diff index 6cf27da6e..a59f66f56 100644 --- a/pkg/config/testdata/TestSmsDiff/local_disabled_remote_enabled.diff +++ b/pkg/config/testdata/TestSmsDiff/local_disabled_remote_enabled.diff @@ -1,7 +1,7 @@ diff remote[auth] local[auth] --- remote[auth] +++ local[auth] -@@ -52,12 +52,12 @@ +@@ -53,12 +53,12 @@ otp_expiry = 0 [sms] @@ -19,12 +19,12 @@ diff remote[auth] local[auth] account_sid = "" message_service_sid = "" auth_token = "" -@@ -80,8 +80,6 @@ +@@ -81,8 +81,6 @@ api_key = "" api_secret = "" [sms.test_otp] -123 = "456" -456 = "123" - [third_party] - [third_party.firebase] + [web3] + [web3.solana] diff --git a/pkg/config/testdata/TestSmsDiff/local_enabled_remote_disabled.diff b/pkg/config/testdata/TestSmsDiff/local_enabled_remote_disabled.diff index 3cbb49a40..0c5271719 100644 --- a/pkg/config/testdata/TestSmsDiff/local_enabled_remote_disabled.diff +++ b/pkg/config/testdata/TestSmsDiff/local_enabled_remote_disabled.diff @@ -1,7 +1,7 @@ diff remote[auth] local[auth] --- remote[auth] +++ local[auth] -@@ -52,12 +52,12 @@ +@@ -53,12 +53,12 @@ otp_expiry = 0 [sms] 
@@ -19,7 +19,7 @@ diff remote[auth] local[auth] account_sid = "" message_service_sid = "" auth_token = "" -@@ -67,9 +67,9 @@ +@@ -68,9 +68,9 @@ message_service_sid = "" auth_token = "" [sms.messagebird] @@ -32,11 +32,11 @@ diff remote[auth] local[auth] [sms.textlocal] enabled = false sender = "" -@@ -80,6 +80,7 @@ +@@ -81,6 +81,7 @@ api_key = "" api_secret = "" [sms.test_otp] +123 = "456" - [third_party] - [third_party.firebase] + [web3] + [web3.solana] diff --git a/pkg/config/testdata/config.toml b/pkg/config/testdata/config.toml index aa0131ab1..98ad26ecf 100644 --- a/pkg/config/testdata/config.toml +++ b/pkg/config/testdata/config.toml @@ -140,6 +140,8 @@ token_refresh = 150 sign_in_sign_ups = 30 # Number of OTP / Magic link verifications that can be made in a 5 minute interval per IP address. token_verifications = 30 +# Number of Web3 logins that can be made in a 5 minute interval per IP address. +web3 = 30 # Configure one of the supported captcha providers: `hcaptcha`, `turnstile`. [auth.captcha] @@ -253,6 +255,11 @@ url = "https://login.microsoftonline.com/tenant" # If enabled, the nonce check will be skipped. Required for local sign in with Google auth. skip_nonce_check = true +# Allow Solana wallet holders to sign in to your project via the Sign in with Solana (SIWS, EIP-4361) standard. +# You can configure "web3" rate limit in the [auth.rate_limit] section and set up [auth.captcha] if self-hosting. +[auth.web3.solana] +enabled = true + [edge_runtime] enabled = true # Configure one of the supported request policies: `oneshot`, `per_worker`.