feat: add custom sms hook #1474

J0 · 2024-03-06T13:48:06Z

What kind of change does this PR introduce?

Allows devs to use a Custom SMS Provider via a HTTP Hook. SQL Hooks are not supported at this time as it requires significantly more effort to invoke a Hook via pg_net and handle errors as compared to using HTTP/HTTPS.

HTTP Hook invocation is done via the standardwebhooks library for symmetric hooks. Asymmetric hooks are being finalized by the committee and support will be added shortly.

The following changes are being made from the internal RFC:

Hooks have a timeout of 5 seconds instead of 15 seconds so as not to run for too long
Hooks have a size limit of 20kb. This is not stated in internal RFC but is part of the recommendations under the standard webhooks RFC.
We allow hooks using the http protocol . This is to support local development. Restriction to https can be done on the dashboard page for connecting a hook.
Add log statements where relevant and write proper error messages
Add more Gock tests

internal/api/hooks.go

## What kind of change does this PR introduce? Splits out config changes from #1474 - rename runHook to runPostgresHook - Allow http with https hooks only on localhost

J0 · 2024-03-17T15:49:20Z

I've realized I'd need an endpoint to run any sort of load against in order for there to be a meaningful metric. I've considered the following options:

Add command to Makefile and script / yaml file for testing.

Run benchmarks on an as needed basis, not in CI
Doesn't have to live in CI, minimal overhead

Use testcontainers to spin up a docker container with an edge function container that can be hit

Introduces a new dependency

Use a live Supabase project to test

Couples the concept of Supabase with Auth / GoTrue
Need to regularly swap out the URL and/or ensure project is not paused.

Port load tests to benchmarks repo

Let me know if there are any preferences

As an aside, I've realized I will likely need to allow for http with host.docker.internal as well, likely in the morrow.

internal/api/errors.go

internal/api/hooks.go

J0 · 2024-03-20T14:23:21Z

Test script for future reference (simulate periodic requests)

Create an export generate-phone.js

module.exports = {
  generatePhoneNumber: (context, events, done) => {
    const phonePrefix = "+1"; // Assuming US phone numbers for example
    const randomNumber = Math.floor(Math.random() * 9000000000) + 1000000000; // Generates a 10 digit number
    const phone = phonePrefix + randomNumber.toString();
    context.vars.phone = phone; // Set the generated phone number in the context
    return done();
  }
};

Create a phone-test.yml file:

config:
  target: 'http://localhost:9999'
  phases:
    - duration: 60 # Test duration in seconds
      arrivalRate: 5 # Number of new virtual users per second
  processor: "./generate-phone.js" # Custom JavaScript code for generating phone numbers

scenarios:
  - flow:
      - function: "generatePhoneNumber"
      - post:
          url: "/otp"
          json:
            phone: "{{ phone }}"

Run artillery run phone-test.yml. Ensure that these env vars are set:

GOTRUE_HOOK_CUSTOM_SMS_PROVIDER_ENABLED="true"
GOTRUE_HOOK_CUSTOM_SMS_PROVIDER_URI="http://host.docker.internal:54321/functions/v1/sms_sender"
GOTRUE_HOOK_CUSTOM_SMS_PROVIDER_SECRETS="v1,whsec_<base64_encoded>"

internal/api/helpers_test.go

internal/api/hooks.go

internal/conf/configuration.go

internal/api/hooks.go

hf

Looks good, would improve the errors / logs a bit.

internal/api/hooks.go

Co-authored-by: Stojan Dimitrovski <[email protected]>

J0 · 2024-03-27T06:28:23Z

For reference closer to release:

We need to document that the compression header is set to identity and not gzip compression - see this comment
Drop ContentLenght check if not relevant. See this comment for details.

🤖 I have created a release *beep* *boop* --- ## [2.146.0](v2.145.0...v2.146.0) (2024-04-03) ### Features * add custom sms hook ([#1474](#1474)) ([0f6b29a](0f6b29a)) * forbid generating an access token without a session ([#1504](#1504)) ([795e93d](795e93d)) ### Bug Fixes * add cleanup statement for anonymous users ([#1497](#1497)) ([cf2372a](cf2372a)) * generate signup link should not error ([#1514](#1514)) ([4fc3881](4fc3881)) * move all EmailActionTypes to mailer package ([#1510](#1510)) ([765db08](765db08)) * refactor mfa and aal update methods ([#1503](#1503)) ([31a5854](31a5854)) * rename from CustomSMSProvider to SendSMS ([#1513](#1513)) ([c0bc37b](c0bc37b)) --- This PR was generated with [Release Please](https://github.com/googleapis/release-please). See [documentation](https://github.com/googleapis/release-please#release-please). Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>

## What kind of change does this PR introduce? Splits out config changes from supabase#1474 - rename runHook to runPostgresHook - Allow http with https hooks only on localhost

## What kind of change does this PR introduce? Allows devs to use a Custom SMS Provider via a HTTP Hook. SQL Hooks are not supported at this time as it requires significantly more effort to invoke a Hook via `pg_net` and handle errors as compared to using HTTP/HTTPS. HTTP Hook invocation is done via the [standardwebhooks](www.standardwebhooks.com) library for symmetric hooks. Asymmetric hooks are being finalized by the committee and support will be added shortly. The following changes are being made from the internal RFC: - [x] Hooks have a timeout of 5 seconds instead of 15 seconds so as not to run for too long - [x] Hooks have a size limit of 20kb. This is not stated in internal RFC but is part of the recommendations under the standard webhooks RFC. - [x] We allow hooks using the `http` protocol . This is to support local development. Restriction to https can be done on the dashboard page for connecting a hook. - [x] Add log statements where relevant and write proper error messages - [x] Add more Gock tests --------- Co-authored-by: Stojan Dimitrovski <[email protected]>

🤖 I have created a release *beep* *boop* --- ## [2.146.0](supabase/auth@v2.145.0...v2.146.0) (2024-04-03) ### Features * add custom sms hook ([supabase#1474](supabase#1474)) ([0f6b29a](supabase@0f6b29a)) * forbid generating an access token without a session ([supabase#1504](supabase#1504)) ([795e93d](supabase@795e93d)) ### Bug Fixes * add cleanup statement for anonymous users ([supabase#1497](supabase#1497)) ([cf2372a](supabase@cf2372a)) * generate signup link should not error ([supabase#1514](supabase#1514)) ([4fc3881](supabase@4fc3881)) * move all EmailActionTypes to mailer package ([supabase#1510](supabase#1510)) ([765db08](supabase@765db08)) * refactor mfa and aal update methods ([supabase#1503](supabase#1503)) ([31a5854](supabase@31a5854)) * rename from CustomSMSProvider to SendSMS ([supabase#1513](supabase#1513)) ([c0bc37b](supabase@c0bc37b)) --- This PR was generated with [Release Please](https://github.com/googleapis/release-please). See [documentation](https://github.com/googleapis/release-please#release-please). Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>

## What kind of change does this PR introduce? Splits out config changes from supabase#1474 - rename runHook to runPostgresHook - Allow http with https hooks only on localhost

## What kind of change does this PR introduce? Allows devs to use a Custom SMS Provider via a HTTP Hook. SQL Hooks are not supported at this time as it requires significantly more effort to invoke a Hook via `pg_net` and handle errors as compared to using HTTP/HTTPS. HTTP Hook invocation is done via the [standardwebhooks](www.standardwebhooks.com) library for symmetric hooks. Asymmetric hooks are being finalized by the committee and support will be added shortly. The following changes are being made from the internal RFC: - [x] Hooks have a timeout of 5 seconds instead of 15 seconds so as not to run for too long - [x] Hooks have a size limit of 20kb. This is not stated in internal RFC but is part of the recommendations under the standard webhooks RFC. - [x] We allow hooks using the `http` protocol . This is to support local development. Restriction to https can be done on the dashboard page for connecting a hook. - [x] Add log statements where relevant and write proper error messages - [x] Add more Gock tests --------- Co-authored-by: Stojan Dimitrovski <[email protected]>

🤖 I have created a release *beep* *boop* --- ## [2.146.0](supabase/auth@v2.145.0...v2.146.0) (2024-04-03) ### Features * add custom sms hook ([supabase#1474](supabase#1474)) ([0f6b29a](supabase@0f6b29a)) * forbid generating an access token without a session ([supabase#1504](supabase#1504)) ([795e93d](supabase@795e93d)) ### Bug Fixes * add cleanup statement for anonymous users ([supabase#1497](supabase#1497)) ([cf2372a](supabase@cf2372a)) * generate signup link should not error ([supabase#1514](supabase#1514)) ([4fc3881](supabase@4fc3881)) * move all EmailActionTypes to mailer package ([supabase#1510](supabase#1510)) ([765db08](supabase@765db08)) * refactor mfa and aal update methods ([supabase#1503](supabase#1503)) ([31a5854](supabase@31a5854)) * rename from CustomSMSProvider to SendSMS ([supabase#1513](supabase#1513)) ([c0bc37b](supabase@c0bc37b)) --- This PR was generated with [Release Please](https://github.com/googleapis/release-please). See [documentation](https://github.com/googleapis/release-please#release-please). Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>

hf reviewed Mar 13, 2024

View reviewed changes

J0 force-pushed the j0/add_hook_trigger_logic branch from 98ffa35 to 6aa36dd Compare March 13, 2024 09:34

J0 mentioned this pull request Mar 15, 2024

fix: add http support for https hooks on localhost #1484

Merged

J0 force-pushed the j0/add_hook_trigger_logic branch from fbce0d4 to 7283622 Compare March 15, 2024 08:18

J0 force-pushed the j0/add_hook_trigger_logic branch from 5f2b7ef to e885fe3 Compare March 17, 2024 13:33

feat: support invocation of http hooks

a156a5b

J0 force-pushed the j0/add_hook_trigger_logic branch from 8d1341e to a156a5b Compare March 17, 2024 15:14

Merge branch 'master' into j0/add_hook_trigger_logic

c9f238f

J0 marked this pull request as ready for review March 17, 2024 15:16

J0 requested a review from a team as a code owner March 17, 2024 15:16

fix: run gofmt

43df854

hf reviewed Mar 19, 2024

View reviewed changes

J0 added 3 commits March 19, 2024 13:08

fix: apply suggestions

9b37fb9

fix: remove readBodyWithLimit

bcfe761

fix: pass down context

730052a

J0 mentioned this pull request Mar 19, 2024

feat: add msg91 as phone provider (fork of #989) #1018

Closed

J0 added 2 commits March 20, 2024 10:15

fix: use content length header

eba4cd3

fix: switch to identity encoding

3c3e2b0

fix: move defer to right after error

3da7b58

J0 requested a review from hf March 21, 2024 03:57

J0 commented Mar 21, 2024

View reviewed changes

internal/api/helpers_test.go Show resolved Hide resolved

J0 commented Mar 21, 2024

View reviewed changes