feat: add web3 solana configs

internal/start/start.go

@@ -505,6 +505,7 @@ EOF
 			fmt.Sprintf("GOTRUE_RATE_LIMIT_OTP=%v", utils.Config.Auth.RateLimit.SignInSignUps),
 			fmt.Sprintf("GOTRUE_RATE_LIMIT_VERIFY=%v", utils.Config.Auth.RateLimit.TokenVerifications),
 			fmt.Sprintf("GOTRUE_RATE_LIMIT_SMS_SENT=%v", utils.Config.Auth.RateLimit.SmsSent),
+			fmt.Sprintf("GOTRUE_RATE_LIMIT_WEB3=%v", utils.Config.Auth.RateLimit.Web3),
 		}
 
 		if utils.Config.Auth.Email.Smtp != nil && utils.Config.Auth.Email.Smtp.Enabled {
@@ -669,6 +670,7 @@ EOF
 				env = append(env, fmt.Sprintf("GOTRUE_EXTERNAL_%s_URL=%s", strings.ToUpper(name), config.Url))
 			}
 		}
+		env = append(env, fmt.Sprintf("GOTRUE_EXTERNAL_WEB3_SOLANA_ENABLED=%v", utils.Config.Auth.Web3.Solana.Enabled))
 
 		if _, err := utils.DockerStart(
 			ctx,

pkg/config/auth.go

@@ -92,6 +92,7 @@ type (
 		Email     email     `toml:"email"`
 		Sms       sms       `toml:"sms"`
 		External  external  `toml:"external"`
+		Web3      web3      `toml:"web3"`
 
 		// Custom secrets can be injected from .env file
 		JwtSecret      Secret `toml:"jwt_secret"`
@@ -117,6 +118,7 @@ type (
 		TokenVerifications uint `toml:"token_verifications"`
 		EmailSent          uint `toml:"email_sent"`
 		SmsSent            uint `toml:"sms_sent"`
+		Web3               uint `toml:"web3"`
 	}
 
 	tpaFirebase struct {
@@ -265,6 +267,14 @@ type (
 		RedirectUri    string `toml:"redirect_uri"`
 		SkipNonceCheck bool   `toml:"skip_nonce_check"`
 	}
+
+	solana struct {
+		Enabled bool `toml:"enabled"`
+	}
+
+	web3 struct {
+		Solana solana `toml:"solana"`
+	}
 )
 
 func (a *auth) ToUpdateAuthConfigBody() v1API.UpdateAuthConfigBody {
@@ -295,6 +305,7 @@ func (a *auth) ToUpdateAuthConfigBody() v1API.UpdateAuthConfigBody {
 	a.Email.toAuthConfigBody(&body)
 	a.Sms.toAuthConfigBody(&body)
 	a.External.toAuthConfigBody(&body)
+	a.Web3.toAuthConfigBody(&body)
 	return body
 }
 
@@ -321,6 +332,7 @@ func (a *auth) FromRemoteAuthConfig(remoteConfig v1API.AuthConfigResponse) {
 	a.Email.fromAuthConfig(remoteConfig)
 	a.Sms.fromAuthConfig(remoteConfig)
 	a.External.fromAuthConfig(remoteConfig)
+	a.Web3.fromAuthConfig(remoteConfig)
 }
 
 func (r rateLimit) toAuthConfigBody(body *v1API.UpdateAuthConfigBody) {
@@ -330,6 +342,7 @@ func (r rateLimit) toAuthConfigBody(body *v1API.UpdateAuthConfigBody) {
 	body.RateLimitVerify = nullable.NewNullableWithValue(cast.UintToInt(r.TokenVerifications))
 	// Email rate limit is only updated when SMTP is enabled
 	body.RateLimitSmsSent = nullable.NewNullableWithValue(cast.UintToInt(r.SmsSent))
+	body.RateLimitWeb3 = nullable.NewNullableWithValue((cast.UintToInt(r.Web3)))
 }
 
 func (r *rateLimit) fromAuthConfig(remoteConfig v1API.AuthConfigResponse) {
@@ -339,6 +352,7 @@ func (r *rateLimit) fromAuthConfig(remoteConfig v1API.AuthConfigResponse) {
 	r.TokenVerifications = cast.IntToUint(ValOrDefault(remoteConfig.RateLimitVerify, 0))
 	// Email rate limit is only updated when SMTP is enabled
 	r.SmsSent = cast.IntToUint(ValOrDefault(remoteConfig.RateLimitSmsSent, 0))
+	r.Web3 = cast.IntToUint(ValOrDefault(remoteConfig.RateLimitWeb3, 0))
 }
 
 func (c captcha) toAuthConfigBody(body *v1API.UpdateAuthConfigBody) {
@@ -1198,6 +1212,16 @@ func (e external) fromAuthConfig(remoteConfig v1API.AuthConfigResponse) {
 	}
 }
 
+func (w web3) toAuthConfigBody(body *v1API.UpdateAuthConfigBody) {
+	body.ExternalWeb3SolanaEnabled = nullable.NewNullableWithValue(w.Solana.Enabled)
+}
+
+func (w *web3) fromAuthConfig(remoteConfig v1API.AuthConfigResponse) {
+	if value, err := remoteConfig.ExternalWeb3SolanaEnabled.Get(); err == nil {
+		w.Solana.Enabled = value
+	}
+}
+
 func (a *auth) DiffWithRemote(remoteConfig v1API.AuthConfigResponse) ([]byte, error) {
 	copy := a.Clone()
 	// Convert the config values into easily comparable remoteConfig values

pkg/config/templates/config.toml

@@ -140,6 +140,8 @@ token_refresh = 150
 sign_in_sign_ups = 30
 # Number of OTP / Magic link verifications that can be made in a 5 minute interval per IP address.
 token_verifications = 30
+# Number of Web3 logins that can be made in a 5 minute interval per IP address.
+web3 = 30
 
 # Configure one of the supported captcha providers: `hcaptcha`, `turnstile`.
 # [auth.captcha]
@@ -252,6 +254,11 @@ url = ""
 # If enabled, the nonce check will be skipped. Required for local sign in with Google auth.
 skip_nonce_check = false
 
+# Allow Solana wallet holders to sign in to your project via the Sign in with Solana (SIWS, EIP-4361) standard.
+# You can configure "web3" rate limit in the [auth.rate_limit] section and set up [auth.captcha] if self-hosting.
+[auth.web3.solana]
+enabled = false
+
 # Use Firebase Auth as a third-party provider alongside Supabase Auth.
 [auth.third_party.firebase]
 enabled = false

pkg/config/testdata/TestCaptchaDiff/local_disabled_remote_enabled.diff

@@ -1,8 +1,8 @@
 diff remote[auth] local[auth]
 --- remote[auth]
 +++ local[auth]
-@@ -22,7 +22,7 @@
- sms_sent = 0
+@@ -23,7 +23,7 @@
+ web3 = 0
 
  [captcha]
 -enabled = true

pkg/config/testdata/TestCaptchaDiff/local_enabled_remote_disabled.diff

@@ -1,8 +1,8 @@
 diff remote[auth] local[auth]
 --- remote[auth]
 +++ local[auth]
-@@ -22,9 +22,9 @@
- sms_sent = 0
+@@ -23,9 +23,9 @@
+ web3 = 0
 
  [captcha]
 -enabled = false

pkg/config/testdata/TestEmailDiff/local_disabled_remote_enabled.diff

@@ -1,7 +1,7 @@
 diff remote[auth] local[auth]
 --- remote[auth]
 +++ local[auth]
-@@ -43,13 +43,13 @@
+@@ -44,13 +44,13 @@
  inactivity_timeout = "0s"
 
  [email]

pkg/config/testdata/TestEmailDiff/local_enabled_remote_disabled.diff

@@ -1,7 +1,7 @@
 diff remote[auth] local[auth]
 --- remote[auth]
 +++ local[auth]
-@@ -43,36 +43,44 @@
+@@ -44,36 +44,44 @@
  inactivity_timeout = "0s"
 
  [email]

pkg/config/testdata/TestExternalDiff/local_enabled_and_disabled.diff

@@ -1,7 +1,7 @@
 diff remote[auth] local[auth]
 --- remote[auth]
 +++ local[auth]
-@@ -83,7 +83,7 @@
+@@ -84,7 +84,7 @@
 
  [external]
  [external.apple]
@@ -10,7 +10,7 @@ diff remote[auth] local[auth]
  client_id = "test-client-1,test-client-2"
  secret = "hash:ce62bb9bcced294fd4afe668f8ab3b50a89cf433093c526fffa3d0e46bf55252"
  url = ""
-@@ -90,9 +90,9 @@
+@@ -91,9 +91,9 @@
  redirect_uri = ""
  skip_nonce_check = false
  [external.azure]
@@ -23,7 +23,7 @@ diff remote[auth] local[auth]
  url = ""
  redirect_uri = ""
  skip_nonce_check = false
-@@ -139,7 +139,7 @@
+@@ -140,7 +140,7 @@
  redirect_uri = ""
  skip_nonce_check = false
  [external.google]

pkg/config/testdata/TestHookDiff/local_disabled_remote_enabled.diff

@@ -1,7 +1,7 @@
 diff remote[auth] local[auth]
 --- remote[auth]
 +++ local[auth]
-@@ -23,19 +23,19 @@
+@@ -24,19 +24,19 @@
 
  [hook]
  [hook.mfa_verification_attempt]

pkg/config/testdata/TestHookDiff/local_enabled_remote_disabled.diff

@@ -1,7 +1,7 @@
 diff remote[auth] local[auth]
 --- remote[auth]
 +++ local[auth]
-@@ -23,20 +23,20 @@
+@@ -24,20 +24,20 @@
 
  [hook]
  [hook.mfa_verification_attempt]

pkg/config/testdata/TestMfaDiff/local_enabled_and_disabled.diff

@@ -1,7 +1,7 @@
 diff remote[auth] local[auth]
 --- remote[auth]
 +++ local[auth]
-@@ -24,16 +24,16 @@
+@@ -25,16 +25,16 @@
  [hook]
 
  [mfa]

pkg/config/testdata/TestRateLimitsDiff/local_and_remote_rate_limits_differ.diff

@@ -15,6 +15,6 @@ diff remote[auth] local[auth]
 -sms_sent = 55
 +email_sent = 25
 +sms_sent = 35
+ web3 = 0
 
  [hook]
-

pkg/config/testdata/TestSmsDiff/enable_sign_up_without_provider.diff

@@ -1,7 +1,7 @@
 diff remote[auth] local[auth]
 --- remote[auth]
 +++ local[auth]
-@@ -52,7 +52,7 @@
+@@ -53,7 +53,7 @@
  otp_expiry = 0
 
  [sms]

pkg/config/testdata/TestSmsDiff/local_disabled_remote_enabled.diff

@@ -1,7 +1,7 @@
 diff remote[auth] local[auth]
 --- remote[auth]
 +++ local[auth]
-@@ -52,12 +52,12 @@
+@@ -53,12 +53,12 @@
  otp_expiry = 0
 
  [sms]
@@ -19,12 +19,12 @@ diff remote[auth] local[auth]
  account_sid = ""
  message_service_sid = ""
  auth_token = ""
-@@ -80,8 +80,6 @@
+@@ -81,8 +81,6 @@
  api_key = ""
  api_secret = ""
  [sms.test_otp]
 -123 = "456"
 -456 = "123"
 
- [third_party]
- [third_party.firebase]
+ [web3]
+ [web3.solana]

pkg/config/testdata/TestSmsDiff/local_enabled_remote_disabled.diff

@@ -1,7 +1,7 @@
 diff remote[auth] local[auth]
 --- remote[auth]
 +++ local[auth]
-@@ -52,12 +52,12 @@
+@@ -53,12 +53,12 @@
  otp_expiry = 0
 
  [sms]
@@ -19,7 +19,7 @@ diff remote[auth] local[auth]
  account_sid = ""
  message_service_sid = ""
  auth_token = ""
-@@ -67,9 +67,9 @@
+@@ -68,9 +68,9 @@
  message_service_sid = ""
  auth_token = ""
  [sms.messagebird]
@@ -32,11 +32,11 @@ diff remote[auth] local[auth]
  [sms.textlocal]
  enabled = false
  sender = ""
-@@ -80,6 +80,7 @@
+@@ -81,6 +81,7 @@
  api_key = ""
  api_secret = ""
  [sms.test_otp]
 +123 = "456"
 
- [third_party]
- [third_party.firebase]
+ [web3]
+ [web3.solana]

pkg/config/testdata/config.toml

@@ -140,6 +140,8 @@ token_refresh = 150
 sign_in_sign_ups = 30
 # Number of OTP / Magic link verifications that can be made in a 5 minute interval per IP address.
 token_verifications = 30
+# Number of Web3 logins that can be made in a 5 minute interval per IP address.
+web3 = 30
 
 # Configure one of the supported captcha providers: `hcaptcha`, `turnstile`.
 [auth.captcha]
@@ -253,6 +255,11 @@ url = "https://login.microsoftonline.com/tenant"
 # If enabled, the nonce check will be skipped. Required for local sign in with Google auth.
 skip_nonce_check = true
 
+# Allow Solana wallet holders to sign in to your project via the Sign in with Solana (SIWS, EIP-4361) standard.
+# You can configure "web3" rate limit in the [auth.rate_limit] section and set up [auth.captcha] if self-hosting.
+[auth.web3.solana]
+enabled = true
+
 [edge_runtime]
 enabled = true
 # Configure one of the supported request policies: `oneshot`, `per_worker`.