Skip to content

Commit

Permalink
fix: add http support for https hooks on localhost (supabase#1484)
Browse files Browse the repository at this point in the history
## What kind of change does this PR introduce?
Splits out config changes from supabase#1474 
- rename runHook to runPostgresHook
- Allow http with https hooks only on localhost
  • Loading branch information
J0 authored Mar 17, 2024
1 parent 948e3b4 commit 5c04104
Show file tree
Hide file tree
Showing 3 changed files with 12 additions and 4 deletions.
8 changes: 4 additions & 4 deletions internal/api/hooks.go
Original file line number Diff line number Diff line change
Expand Up @@ -11,7 +11,7 @@ import (
"github.com/supabase/auth/internal/storage"
)

func (a *API) runHook(ctx context.Context, tx *storage.Connection, name string, input, output any) ([]byte, error) {
func (a *API) runPostgresHook(ctx context.Context, tx *storage.Connection, name string, input, output any) ([]byte, error) {
db := a.db.WithContext(ctx)

request, err := json.Marshal(input)
Expand Down Expand Up @@ -68,7 +68,7 @@ func (a *API) invokeHook(ctx context.Context, tx *storage.Connection, input, out
panic("output should be *hooks.MFAVerificationAttemptOutput")
}

if _, err := a.runHook(ctx, tx, config.Hook.MFAVerificationAttempt.HookName, input, output); err != nil {
if _, err := a.runPostgresHook(ctx, tx, config.Hook.MFAVerificationAttempt.HookName, input, output); err != nil {
return internalServerError("Error invoking MFA verification hook.").WithInternalError(err)
}

Expand All @@ -94,7 +94,7 @@ func (a *API) invokeHook(ctx context.Context, tx *storage.Connection, input, out
panic("output should be *hooks.PasswordVerificationAttemptOutput")
}

if _, err := a.runHook(ctx, tx, config.Hook.PasswordVerificationAttempt.HookName, input, output); err != nil {
if _, err := a.runPostgresHook(ctx, tx, config.Hook.PasswordVerificationAttempt.HookName, input, output); err != nil {
return internalServerError("Error invoking password verification hook.").WithInternalError(err)
}

Expand All @@ -120,7 +120,7 @@ func (a *API) invokeHook(ctx context.Context, tx *storage.Connection, input, out
panic("output should be *hooks.CustomAccessTokenOutput")
}

if _, err := a.runHook(ctx, tx, config.Hook.CustomAccessToken.HookName, input, output); err != nil {
if _, err := a.runPostgresHook(ctx, tx, config.Hook.CustomAccessToken.HookName, input, output); err != nil {
return internalServerError("Error invoking access token hook.").WithInternalError(err)
}

Expand Down
6 changes: 6 additions & 0 deletions internal/conf/configuration.go
Original file line number Diff line number Diff line change
Expand Up @@ -501,6 +501,12 @@ func (e *ExtensibilityPointConfiguration) ValidateExtensibilityPoint() error {
switch strings.ToLower(u.Scheme) {
case "pg-functions":
return validatePostgresPath(u)
case "http":
hostname := u.Hostname()
if hostname == "localhost" || hostname == "127.0.0.1" || hostname == "::1" {
return validateHTTPSHookSecrets(e.HTTPHookSecrets)
}
return fmt.Errorf("only localhost, 127.0.0.1, and ::1 are supported with http")
case "https":
return validateHTTPSHookSecrets(e.HTTPHookSecrets)
default:
Expand Down
2 changes: 2 additions & 0 deletions internal/conf/configuration_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -161,8 +161,10 @@ func TestValidateExtensibilityPointURI(t *testing.T) {
{desc: "Valid Postgres URI", uri: "pg-functions://postgres/auth/verification_hook_reject", expectError: false},
{desc: "Another Valid URI", uri: "pg-functions://postgres/user_management/add_user", expectError: false},
{desc: "Another Valid URI", uri: "pg-functions://postgres/MySpeCial/FUNCTION_THAT_YELLS_AT_YOU", expectError: false},
{desc: "Valid HTTP URI", uri: "http://localhost/functions/v1/custom-sms-sender", expectError: false},

// Negative test cases
{desc: "Invalid HTTP URI", uri: "http://asdfgggg.website.co/functions/v1/custom-sms-sender", expectError: true},
{desc: "Invalid HTTPS URI (HTTP)", uri: "http://asdfgggqqwwerty.supabase.co/functions/v1/custom-sms-sender", expectError: true},
{desc: "Invalid Schema Name", uri: "pg-functions://postgres/123auth/verification_hook_reject", expectError: true},
{desc: "Invalid Function Name", uri: "pg-functions://postgres/auth/123verification_hook_reject", expectError: true},
Expand Down

0 comments on commit 5c04104

Please sign in to comment.