From f08807d09ace0c3e84cad76e2c803ae2fffc56e8 Mon Sep 17 00:00:00 2001 From: Stojan Dimitrovski Date: Fri, 23 May 2025 10:43:28 +0200 Subject: [PATCH 1/4] feat: add web3 solana configs --- internal/start/start.go | 8 ++++++++ pkg/config/auth.go | 10 ++++++++++ pkg/config/templates/config.toml | 6 ++++++ 3 files changed, 24 insertions(+) diff --git a/internal/start/start.go b/internal/start/start.go index d97d72f56..df45e0e45 100644 --- a/internal/start/start.go +++ b/internal/start/start.go @@ -670,6 +670,14 @@ EOF } } + if utils.Config.Auth.Web3.Solana.Enabled { + env = append(env, "GOTRUE_EXTERNAL_WEB3_SOLANA_ENABLED=true") + + if utils.Config.Auth.RateLimit.Web3 != 0 { + env = append(env, fmt.Sprintf("GOTRUE_RATE_LIMIT_WEB3=%v", utils.Config.Auth.RateLimit.Web3)) + } + } + if _, err := utils.DockerStart( ctx, container.Config{ diff --git a/pkg/config/auth.go b/pkg/config/auth.go index bdddefae4..6ef6ffaec 100644 --- a/pkg/config/auth.go +++ b/pkg/config/auth.go @@ -91,6 +91,7 @@ type ( Email email `toml:"email"` Sms sms `toml:"sms"` External external `toml:"external"` + Web3 web3 `toml:"web3"` // Custom secrets can be injected from .env file JwtSecret Secret `toml:"jwt_secret"` @@ -116,6 +117,7 @@ type ( TokenVerifications uint `toml:"token_verifications"` EmailSent uint `toml:"email_sent"` SmsSent uint `toml:"sms_sent"` + Web3 uint `toml:"web3"` } tpaFirebase struct { @@ -264,6 +266,14 @@ type ( RedirectUri string `toml:"redirect_uri"` SkipNonceCheck bool `toml:"skip_nonce_check"` } + + solana struct { + Enabled bool `toml:"enabled"` + } + + web3 struct { + Solana solana `toml:"solana"` + } ) func (a *auth) ToUpdateAuthConfigBody() v1API.UpdateAuthConfigBody { diff --git a/pkg/config/templates/config.toml b/pkg/config/templates/config.toml index 9f48426aa..4c6bed218 100644 --- a/pkg/config/templates/config.toml +++ b/pkg/config/templates/config.toml 
@@ -140,6 +140,8 @@ token_refresh = 150 sign_in_sign_ups = 30 # Number of OTP / Magic link verifications that can be made in a 5 minute interval per IP address. token_verifications = 30 +# Number of Web3 logins that can be made in a 5 minute interval per IP address. +web3 = 30 # Configure one of the supported captcha providers: `hcaptcha`, `turnstile`. # [auth.captcha] @@ -252,6 +254,10 @@ url = "" # If enabled, the nonce check will be skipped. Required for local sign in with Google auth. skip_nonce_check = false +# Allow Solana wallet holders to sign in to your project via the Sign in with Solana (SIWS, EIP-4361) standard. Make sure you configure the "web3" rate limit in the [auth.rate_limit] section and optionally set up captcha in [auth.captcha] if self-hosting. +[auth.web3.solana] +enabled = false + # Use Firebase Auth as a third-party provider alongside Supabase Auth. [auth.third_party.firebase] enabled = false From 9bae00fd776ba59719490e2f3ba709521dc9077e Mon Sep 17 00:00:00 2001 From: Stojan Dimitrovski Date: Fri, 23 May 2025 10:53:13 +0200 Subject: [PATCH 2/4] update to/from remote config for web3 solana --- pkg/config/auth.go | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/pkg/config/auth.go b/pkg/config/auth.go index 6ef6ffaec..fb2202d91 100644 --- a/pkg/config/auth.go +++ b/pkg/config/auth.go @@ -304,6 +304,7 @@ func (a *auth) ToUpdateAuthConfigBody() v1API.UpdateAuthConfigBody { a.Email.toAuthConfigBody(&body) a.Sms.toAuthConfigBody(&body) a.External.toAuthConfigBody(&body) + a.Web3.toAuthConfigBody(&body) return body } @@ -330,6 +331,7 @@ func (a *auth) FromRemoteAuthConfig(remoteConfig v1API.AuthConfigResponse) { a.Email.fromAuthConfig(remoteConfig) a.Sms.fromAuthConfig(remoteConfig) a.External.fromAuthConfig(remoteConfig) + a.Web3.fromAuthConfig(remoteConfig) } func (r rateLimit) toAuthConfigBody(body *v1API.UpdateAuthConfigBody) { 
@@ -339,6 +341,7 @@ func (r rateLimit) toAuthConfigBody(body *v1API.UpdateAuthConfigBody) { body.RateLimitVerify = cast.Ptr(cast.UintToInt(r.TokenVerifications)) // Email rate limit is only updated when SMTP is enabled body.RateLimitSmsSent = cast.Ptr(cast.UintToInt(r.SmsSent)) + body.RateLimitWeb3 = cast.Ptr(cast.UintToInt(r.Web3)) } func (r *rateLimit) fromAuthConfig(remoteConfig v1API.AuthConfigResponse) { @@ -348,6 +351,7 @@ func (r *rateLimit) fromAuthConfig(remoteConfig v1API.AuthConfigResponse) { r.TokenVerifications = cast.IntToUint(cast.Val(remoteConfig.RateLimitVerify, 0)) // Email rate limit is only updated when SMTP is enabled r.SmsSent = cast.IntToUint(cast.Val(remoteConfig.RateLimitSmsSent, 0)) + r.Web3 = cast.IntToUint(cast.Val(remoteConfig.RateLimitWeb3, 0)) } func (c captcha) toAuthConfigBody(body *v1API.UpdateAuthConfigBody) { @@ -1149,3 +1153,21 @@ func (a *auth) DiffWithRemote(remoteConfig v1API.AuthConfigResponse) ([]byte, er } return diff.Diff("remote[auth]", remoteCompare, "local[auth]", currentValue), nil } + +func (w web3) toAuthConfigBody(body *v1API.UpdateAuthConfigBody) { + w.Solana.toAuthConfigBody(body) +} + +func (w *web3) fromAuthConfig(remoteConfig v1API.AuthConfigResponse) { + w.Solana.fromAuthConfig(remoteConfig) +} + +func (s solana) toAuthConfigBody(body *v1API.UpdateAuthConfigBody) { + body.ExternalWeb3SolanaEnabled = &s.Enabled +} + +func (s *solana) fromAuthConfig(remoteConfig v1API.AuthConfigResponse) { + if remoteConfig.ExternalWeb3SolanaEnabled != nil { + s.Enabled = *remoteConfig.ExternalWeb3SolanaEnabled + } +} From 9bb351fc311a5254e398bf18ce182f84372f64f4 Mon Sep 17 00:00:00 2001 
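Review bot: `body.RateLimitWeb3` is set from `r.Web3` unconditionally in `rateLimit.toAuthConfigBody`, so unless a default is merged in elsewhere (not visible in this series), a config that never sets `web3` pushes the zero value to the hosted project. The snapshots updated in PATCH 3/4 show `web3 = 0` on both sides, and nothing here says how the auth server treats a limit of 0. PATCH 1/4 guarded the local env var with `!= 0`, but PATCH 4/4 removes that guard in `internal/start/start.go`, so the same value now reaches the local container as `GOTRUE_RATE_LIMIT_WEB3`. I would document the field where it is declared, for example `// Web3 is the number of Web3 logins allowed per 5 minutes per IP address; 0 is forwarded unchanged.`, and confirm that a default applies when the key is missing.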
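Review bot: `solana.fromAuthConfig` keeps the local `Enabled` value when `remoteConfig.ExternalWeb3SolanaEnabled` is nil, whereas `rateLimit.fromAuthConfig` in the same file falls back to a fixed default through `cast.Val`. If the result feeds `DiffWithRemote` (the caller is outside this hunk), a missing remote value would be reported as equal to a local `enabled = true`, which hides that a push turns on a new sign-in method. Prefer `s.Enabled = cast.Val(remoteConfig.ExternalWeb3SolanaEnabled, false)`, and `body.ExternalWeb3SolanaEnabled = cast.Ptr(s.Enabled)` in `toAuthConfigBody` to match the surrounding helpers. PATCH 3/4 only shifts existing snapshots; a diff test for the web3 toggle itself would pin this behaviour.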
From: Qiao Han Date: Thu, 29 May 2025 14:47:16 +0800 Subject: [PATCH 3/4] chore: update test snapshots --- .../TestCaptchaDiff/local_disabled_remote_enabled.diff | 4 ++-- .../TestCaptchaDiff/local_enabled_remote_disabled.diff | 4 ++-- .../TestEmailDiff/local_disabled_remote_enabled.diff | 2 +- .../TestEmailDiff/local_enabled_remote_disabled.diff | 2 +- .../TestExternalDiff/local_enabled_and_disabled.diff | 6 +++--- .../TestHookDiff/local_disabled_remote_enabled.diff | 2 +- .../TestHookDiff/local_enabled_remote_disabled.diff | 2 +- .../TestMfaDiff/local_enabled_and_disabled.diff | 2 +- .../local_and_remote_rate_limits_differ.diff | 2 +- .../TestSmsDiff/enable_sign_up_without_provider.diff | 2 +- .../TestSmsDiff/local_disabled_remote_enabled.diff | 8 ++++---- .../TestSmsDiff/local_enabled_remote_disabled.diff | 10 +++++----- 12 files changed, 23 insertions(+), 23 deletions(-) diff --git a/pkg/config/testdata/TestCaptchaDiff/local_disabled_remote_enabled.diff b/pkg/config/testdata/TestCaptchaDiff/local_disabled_remote_enabled.diff index 33e424e85..87790083c 100644 --- a/pkg/config/testdata/TestCaptchaDiff/local_disabled_remote_enabled.diff +++ b/pkg/config/testdata/TestCaptchaDiff/local_disabled_remote_enabled.diff @@ -1,8 +1,8 @@ diff remote[auth] local[auth] --- remote[auth] +++ local[auth] -@@ -22,7 +22,7 @@ - sms_sent = 0 +@@ -23,7 +23,7 @@ + web3 = 0 [captcha] -enabled = true diff --git a/pkg/config/testdata/TestCaptchaDiff/local_enabled_remote_disabled.diff b/pkg/config/testdata/TestCaptchaDiff/local_enabled_remote_disabled.diff index 9b8e0a2cc..2865d6d71 100644 --- a/pkg/config/testdata/TestCaptchaDiff/local_enabled_remote_disabled.diff +++ b/pkg/config/testdata/TestCaptchaDiff/local_enabled_remote_disabled.diff @@ -1,8 +1,8 @@ diff remote[auth] local[auth] --- remote[auth] +++ local[auth] -@@ -22,9 +22,9 @@ - sms_sent = 0 +@@ -23,9 +23,9 @@ + web3 = 0 [captcha] -enabled = false 
diff --git a/pkg/config/testdata/TestEmailDiff/local_disabled_remote_enabled.diff b/pkg/config/testdata/TestEmailDiff/local_disabled_remote_enabled.diff index 9c65fd39e..42105313b 100644 --- a/pkg/config/testdata/TestEmailDiff/local_disabled_remote_enabled.diff +++ b/pkg/config/testdata/TestEmailDiff/local_disabled_remote_enabled.diff @@ -1,7 +1,7 @@ diff remote[auth] local[auth] --- remote[auth] +++ local[auth] -@@ -43,13 +43,13 @@ +@@ -44,13 +44,13 @@ inactivity_timeout = "0s" [email] diff --git a/pkg/config/testdata/TestEmailDiff/local_enabled_remote_disabled.diff b/pkg/config/testdata/TestEmailDiff/local_enabled_remote_disabled.diff index aac657d91..536c34712 100644 --- a/pkg/config/testdata/TestEmailDiff/local_enabled_remote_disabled.diff +++ b/pkg/config/testdata/TestEmailDiff/local_enabled_remote_disabled.diff @@ -1,7 +1,7 @@ diff remote[auth] local[auth] --- remote[auth] +++ local[auth] -@@ -43,36 +43,44 @@ +@@ -44,36 +44,44 @@ inactivity_timeout = "0s" [email] diff --git a/pkg/config/testdata/TestExternalDiff/local_enabled_and_disabled.diff b/pkg/config/testdata/TestExternalDiff/local_enabled_and_disabled.diff index e1c72aea2..5c885eeff 100644 --- a/pkg/config/testdata/TestExternalDiff/local_enabled_and_disabled.diff +++ b/pkg/config/testdata/TestExternalDiff/local_enabled_and_disabled.diff @@ -1,7 +1,7 @@ diff remote[auth] local[auth] --- remote[auth] +++ local[auth] -@@ -83,7 +83,7 @@ +@@ -84,7 +84,7 @@ [external] [external.apple] @@ -10,7 +10,7 @@ diff remote[auth] local[auth] client_id = "test-client-1,test-client-2" secret = "hash:ce62bb9bcced294fd4afe668f8ab3b50a89cf433093c526fffa3d0e46bf55252" url = "" -@@ -90,9 +90,9 @@ +@@ -91,9 +91,9 @@ redirect_uri = "" skip_nonce_check = false [external.azure] @@ -23,7 +23,7 @@ diff remote[auth] local[auth] url = "" redirect_uri = "" skip_nonce_check = false -@@ -139,7 +139,7 @@ +@@ -140,7 +140,7 @@ redirect_uri = "" skip_nonce_check = false [external.google] 
diff --git a/pkg/config/testdata/TestHookDiff/local_disabled_remote_enabled.diff b/pkg/config/testdata/TestHookDiff/local_disabled_remote_enabled.diff index 2f58f7348..459c58f42 100644 --- a/pkg/config/testdata/TestHookDiff/local_disabled_remote_enabled.diff +++ b/pkg/config/testdata/TestHookDiff/local_disabled_remote_enabled.diff @@ -1,7 +1,7 @@ diff remote[auth] local[auth] --- remote[auth] +++ local[auth] -@@ -23,19 +23,19 @@ +@@ -24,19 +24,19 @@ [hook] [hook.mfa_verification_attempt] diff --git a/pkg/config/testdata/TestHookDiff/local_enabled_remote_disabled.diff b/pkg/config/testdata/TestHookDiff/local_enabled_remote_disabled.diff index ca8d99e1e..6065f9d20 100644 --- a/pkg/config/testdata/TestHookDiff/local_enabled_remote_disabled.diff +++ b/pkg/config/testdata/TestHookDiff/local_enabled_remote_disabled.diff @@ -1,7 +1,7 @@ diff remote[auth] local[auth] --- remote[auth] +++ local[auth] -@@ -23,20 +23,20 @@ +@@ -24,20 +24,20 @@ [hook] [hook.mfa_verification_attempt] diff --git a/pkg/config/testdata/TestMfaDiff/local_enabled_and_disabled.diff b/pkg/config/testdata/TestMfaDiff/local_enabled_and_disabled.diff index 66918e27b..ae67613cb 100644 --- a/pkg/config/testdata/TestMfaDiff/local_enabled_and_disabled.diff +++ b/pkg/config/testdata/TestMfaDiff/local_enabled_and_disabled.diff @@ -1,7 +1,7 @@ diff remote[auth] local[auth] --- remote[auth] +++ local[auth] -@@ -24,16 +24,16 @@ +@@ -25,16 +25,16 @@ [hook] [mfa] diff --git a/pkg/config/testdata/TestRateLimitsDiff/local_and_remote_rate_limits_differ.diff b/pkg/config/testdata/TestRateLimitsDiff/local_and_remote_rate_limits_differ.diff index 04a638630..26f0fe484 100644 --- a/pkg/config/testdata/TestRateLimitsDiff/local_and_remote_rate_limits_differ.diff +++ b/pkg/config/testdata/TestRateLimitsDiff/local_and_remote_rate_limits_differ.diff @@ -15,6 +15,6 @@ diff remote[auth] local[auth] -sms_sent = 55 +email_sent = 25 +sms_sent = 35 + web3 = 0 [hook] - 
diff --git a/pkg/config/testdata/TestSmsDiff/enable_sign_up_without_provider.diff b/pkg/config/testdata/TestSmsDiff/enable_sign_up_without_provider.diff index 27c9d143d..66250c8c7 100644 --- a/pkg/config/testdata/TestSmsDiff/enable_sign_up_without_provider.diff +++ b/pkg/config/testdata/TestSmsDiff/enable_sign_up_without_provider.diff @@ -1,7 +1,7 @@ diff remote[auth] local[auth] --- remote[auth] +++ local[auth] -@@ -52,7 +52,7 @@ +@@ -53,7 +53,7 @@ otp_expiry = 0 [sms] diff --git a/pkg/config/testdata/TestSmsDiff/local_disabled_remote_enabled.diff b/pkg/config/testdata/TestSmsDiff/local_disabled_remote_enabled.diff index 6cf27da6e..a59f66f56 100644 --- a/pkg/config/testdata/TestSmsDiff/local_disabled_remote_enabled.diff +++ b/pkg/config/testdata/TestSmsDiff/local_disabled_remote_enabled.diff @@ -1,7 +1,7 @@ diff remote[auth] local[auth] --- remote[auth] +++ local[auth] -@@ -52,12 +52,12 @@ +@@ -53,12 +53,12 @@ otp_expiry = 0 [sms] @@ -19,12 +19,12 @@ diff remote[auth] local[auth] account_sid = "" message_service_sid = "" auth_token = "" -@@ -80,8 +80,6 @@ +@@ -81,8 +81,6 @@ api_key = "" api_secret = "" [sms.test_otp] -123 = "456" -456 = "123" - [third_party] - [third_party.firebase] + [web3] + [web3.solana] diff --git a/pkg/config/testdata/TestSmsDiff/local_enabled_remote_disabled.diff b/pkg/config/testdata/TestSmsDiff/local_enabled_remote_disabled.diff index 3cbb49a40..0c5271719 100644 --- a/pkg/config/testdata/TestSmsDiff/local_enabled_remote_disabled.diff +++ b/pkg/config/testdata/TestSmsDiff/local_enabled_remote_disabled.diff @@ -1,7 +1,7 @@ diff remote[auth] local[auth] --- remote[auth] +++ local[auth] -@@ -52,12 +52,12 @@ +@@ -53,12 +53,12 @@ otp_expiry = 0 [sms] @@ -19,7 +19,7 @@ diff remote[auth] local[auth] account_sid = "" message_service_sid = "" auth_token = "" -@@ -67,9 +67,9 @@ +@@ -68,9 +68,9 @@ message_service_sid = "" auth_token = "" [sms.messagebird] 
@@ -32,11 +32,11 @@ diff remote[auth] local[auth] [sms.textlocal] enabled = false sender = "" -@@ -80,6 +80,7 @@ +@@ -81,6 +81,7 @@ api_key = "" api_secret = "" [sms.test_otp] +123 = "456" - [third_party] - [third_party.firebase] + [web3] + [web3.solana] From 3d2608db4d30480b2108022d3941c4e12befe225 Mon Sep 17 00:00:00 2001 From: Qiao Han Date: Thu, 29 May 2025 19:22:24 +0800 Subject: [PATCH 4/4] chore: update config for testdata --- internal/start/start.go | 10 ++-------- pkg/config/templates/config.toml | 3 ++- pkg/config/testdata/config.toml | 7 +++++++ 3 files changed, 11 insertions(+), 9 deletions(-) diff --git a/internal/start/start.go b/internal/start/start.go index df45e0e45..da619fe13 100644 --- a/internal/start/start.go +++ b/internal/start/start.go @@ -505,6 +505,7 @@ EOF fmt.Sprintf("GOTRUE_RATE_LIMIT_OTP=%v", utils.Config.Auth.RateLimit.SignInSignUps), fmt.Sprintf("GOTRUE_RATE_LIMIT_VERIFY=%v", utils.Config.Auth.RateLimit.TokenVerifications), fmt.Sprintf("GOTRUE_RATE_LIMIT_SMS_SENT=%v", utils.Config.Auth.RateLimit.SmsSent), + fmt.Sprintf("GOTRUE_RATE_LIMIT_WEB3=%v", utils.Config.Auth.RateLimit.Web3), } if utils.Config.Auth.Email.Smtp != nil && utils.Config.Auth.Email.Smtp.Enabled { @@ -669,14 +670,7 @@ EOF env = append(env, fmt.Sprintf("GOTRUE_EXTERNAL_%s_URL=%s", strings.ToUpper(name), config.Url)) } } - - if utils.Config.Auth.Web3.Solana.Enabled { - env = append(env, "GOTRUE_EXTERNAL_WEB3_SOLANA_ENABLED=true") - - if utils.Config.Auth.RateLimit.Web3 != 0 { - env = append(env, fmt.Sprintf("GOTRUE_RATE_LIMIT_WEB3=%v", utils.Config.Auth.RateLimit.Web3)) - } - } + env = append(env, fmt.Sprintf("GOTRUE_EXTERNAL_WEB3_SOLANA_ENABLED=%v", utils.Config.Auth.Web3.Solana.Enabled)) if _, err := utils.DockerStart( ctx, diff --git a/pkg/config/templates/config.toml b/pkg/config/templates/config.toml index 4c6bed218..c8aa68ad1 100644 --- a/pkg/config/templates/config.toml +++ b/pkg/config/templates/config.toml 
@@ -254,7 +254,8 @@ url = "" # If enabled, the nonce check will be skipped. Required for local sign in with Google auth. skip_nonce_check = false -# Allow Solana wallet holders to sign in to your project via the Sign in with Solana (SIWS, EIP-4361) standard. Make sure you configure the "web3" rate limit in the [auth.rate_limit] section and optionally set up captcha in [auth.captcha] if self-hosting. +# Allow Solana wallet holders to sign in to your project via the Sign in with Solana (SIWS, EIP-4361) standard. +# You can configure "web3" rate limit in the [auth.rate_limit] section and set up [auth.captcha] if self-hosting. [auth.web3.solana] enabled = false diff --git a/pkg/config/testdata/config.toml b/pkg/config/testdata/config.toml index aa0131ab1..98ad26ecf 100644 --- a/pkg/config/testdata/config.toml +++ b/pkg/config/testdata/config.toml @@ -140,6 +140,8 @@ token_refresh = 150 sign_in_sign_ups = 30 # Number of OTP / Magic link verifications that can be made in a 5 minute interval per IP address. token_verifications = 30 +# Number of Web3 logins that can be made in a 5 minute interval per IP address. +web3 = 30 # Configure one of the supported captcha providers: `hcaptcha`, `turnstile`. [auth.captcha] @@ -253,6 +255,11 @@ url = "https://login.microsoftonline.com/tenant" # If enabled, the nonce check will be skipped. Required for local sign in with Google auth. skip_nonce_check = true +# Allow Solana wallet holders to sign in to your project via the Sign in with Solana (SIWS, EIP-4361) standard. +# You can configure "web3" rate limit in the [auth.rate_limit] section and set up [auth.captcha] if self-hosting. +[auth.web3.solana] +enabled = true + [edge_runtime] enabled = true # Configure one of the supported request policies: `oneshot`, `per_worker`.
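Review bot: The reworded comment above `[auth.web3.solana]` weakens the rate-limit guidance from "Make sure you configure" to "You can configure", and it drops an article ("configure "web3" rate limit"). Wallet sign-in adds a login endpoint, and the only abuse controls this series shows for it are the per-IP `web3` limit and captcha, so I would keep the instruction firm: `# Make sure the "web3" rate limit in [auth.rate_limit] is set, and configure [auth.captcha] if self-hosting.` The same wording is copied into `pkg/config/testdata/config.toml` in the last hunk of this patch.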