Deprecate some configs

ref #3098

cmd/portal/internal/migrate_resources.go

@@ -3,8 +3,11 @@ package internal
 import (
 	"context"
 	"database/sql"
-	"encoding/json"
+	"encoding/base64"
+	"errors"
 	"log"
+	"os"
+	"os/exec"
 	"reflect"
 )
 
@@ -15,6 +18,7 @@ type MigrateResourcesOptions struct {
 	UpdateConfigSourceFunc func(appID string, configSourceData map[string]string, DryRun bool) error
 }
 
+// nolint: gocognit
 func MigrateResources(opt *MigrateResourcesOptions) {
 	db := openDB(opt.DatabaseURL, opt.DatabaseSchema)
 
@@ -48,19 +52,24 @@ func MigrateResources(opt *MigrateResourcesOptions) {
 
 		if dryRun {
 			if updated {
-				log.Printf("dry run: original resources appid (%s)", c.AppID)
-				data, err := json.MarshalIndent(original, "", "  ")
+				appID := c.AppID
+				originalAuthgearYAMLBytes, err := base64.StdEncoding.DecodeString(original["authgear.yaml"])
 				if err != nil {
 					panic(err)
 				}
-				log.Printf("%s\n", string(data))
 
-				log.Printf("dry run: updated resources appid (%s)", c.AppID)
-				data, err = json.MarshalIndent(c.Data, "", "  ")
+				updatedAuthgearYAMLBytes, err := base64.StdEncoding.DecodeString(c.Data["authgear.yaml"])
 				if err != nil {
 					panic(err)
 				}
-				log.Printf("%s\n", string(data))
+
+				diff, err := Diff("authgear.yaml", originalAuthgearYAMLBytes, updatedAuthgearYAMLBytes)
+				if err != nil {
+					panic(err)
+				}
+
+				log.Printf("diff of authgear.yaml: %v\n", appID)
+				log.Printf("%v\n", diff)
 			}
 		}
 	}
@@ -86,3 +95,56 @@ func MigrateResources(opt *MigrateResourcesOptions) {
 	}
 	log.Printf("updated apps count: %d", count)
 }
+
+func Diff(filename string, original []byte, updated []byte) (diff string, err error) {
+	fOriginal, err := os.CreateTemp("", filename)
+	if err != nil {
+		return
+	}
+	defer os.Remove(fOriginal.Name())
+
+	fUpdated, err := os.CreateTemp("", filename)
+	if err != nil {
+		return
+	}
+	defer os.Remove(fUpdated.Name())
+
+	_, err = fOriginal.Write(original)
+	if err != nil {
+		return
+	}
+	err = fOriginal.Close()
+	if err != nil {
+		return
+	}
+
+	_, err = fUpdated.Write(updated)
+	if err != nil {
+		return
+	}
+	err = fUpdated.Close()
+	if err != nil {
+		return
+	}
+
+	output, err := exec.Command( // nolint:gosec
+		"diff",
+		"-u",
+		fOriginal.Name(),
+		fUpdated.Name(),
+	).CombinedOutput()
+	if err != nil {
+		var exitError *exec.ExitError
+		if errors.As(err, &exitError) {
+			if exitError.ExitCode() == 0 || exitError.ExitCode() == 1 {
+				err = nil
+			}
+		}
+		if err != nil {
+			return
+		}
+	}
+
+	diff = string(output)
+	return
+}

pkg/lib/config/authenticator.go

@@ -31,15 +31,17 @@ var _ = Schema.Add("AuthenticatorPasswordConfig", `
 `)
 
 type AuthenticatorPasswordConfig struct {
-	Policy      *PasswordPolicyConfig    `json:"policy,omitempty"`
-	ForceChange *bool                    `json:"force_change,omitempty"`
-	Ratelimit   *PasswordRatelimitConfig `json:"ratelimit,omitempty"`
+	Policy               *PasswordPolicyConfig    `json:"policy,omitempty"`
+	ForceChange          *bool                    `json:"force_change,omitempty"`
+	Deprecated_Ratelimit *PasswordRatelimitConfig `json:"ratelimit,omitempty"`
 }
 
 func (c *AuthenticatorPasswordConfig) SetDefaults() {
 	if c.ForceChange == nil {
 		c.ForceChange = newBool(true)
 	}
+
+	c.Deprecated_Ratelimit = nil
 }
 
 var _ = Schema.Add("PasswordPolicyConfig", `

pkg/lib/config/config.go

@@ -72,10 +72,10 @@ type AppConfig struct {
 	AccountDeletion      *AccountDeletionConfig      `json:"account_deletion,omitempty"`
 	AccountAnonymization *AccountAnonymizationConfig `json:"account_anonymization,omitempty"`
 
-	ForgotPassword *ForgotPasswordConfig `json:"forgot_password,omitempty"`
-	WelcomeMessage *WelcomeMessageConfig `json:"welcome_message,omitempty"`
-	Verification   *VerificationConfig   `json:"verification,omitempty"`
-	OTP            *OTPLegacyConfig      `json:"otp,omitempty"`
+	ForgotPassword            *ForgotPasswordConfig `json:"forgot_password,omitempty"`
+	Deprecated_WelcomeMessage *WelcomeMessageConfig `json:"welcome_message,omitempty"`
+	Verification              *VerificationConfig   `json:"verification,omitempty"`
+	Deprecated_OTP            *OTPLegacyConfig      `json:"otp,omitempty"`
 
 	Web3 *Web3Config `json:"web3,omitempty"`
 
@@ -90,6 +90,11 @@ type AppConfig struct {
 	AuthenticationFlow *AuthenticationFlowConfig `json:"authentication_flow,omitempty"`
 }
 
+func (c *AppConfig) SetDefaults() {
+	c.Deprecated_WelcomeMessage = nil
+	c.Deprecated_OTP = nil
+}
+
 func (c *AppConfig) Validate(ctx *validation.Context) {
 	// Validation 1: lifetime of refresh token >= lifetime of access token
 	c.validateTokenLifetime(ctx)

pkg/lib/config/feature.go

@@ -21,7 +21,6 @@ var _ = FeatureConfigSchema.Add("FeatureConfig", `
 		"hook": { "$ref": "#/$defs/HookFeatureConfig" },
 		"audit_log": { "$ref": "#/$defs/AuditLogFeatureConfig" },
 		"google_tag_manager": { "$ref": "#/$defs/GoogleTagManagerFeatureConfig" },
-		"rate_limit": { "$ref": "#/$defs/RateLimitFeatureConfig" },
 		"rate_limits": { "$ref": "#/$defs/RateLimitsFeatureConfig" },
 		"messaging": { "$ref": "#/$defs/MessagingFeatureConfig" },
 		"collaborator": { "$ref": "#/$defs/CollaboratorFeatureConfig" },
@@ -42,7 +41,6 @@ type FeatureConfig struct {
 	Hook             *HookFeatureConfig             `json:"hook,omitempty"`
 	AuditLog         *AuditLogFeatureConfig         `json:"audit_log,omitempty"`
 	GoogleTagManager *GoogleTagManagerFeatureConfig `json:"google_tag_manager,omitempty"`
-	RateLimit        *RateLimitFeatureConfig        `json:"rate_limit,omitempty"`
 	RateLimits       *RateLimitsFeatureConfig       `json:"rate_limits,omitempty"`
 	Messaging        *MessagingFeatureConfig        `json:"messaging,omitempty"`
 	Collaborator     *CollaboratorFeatureConfig     `json:"collaborator,omitempty"`

pkg/lib/config/messaging.go

@@ -15,11 +15,16 @@ var _ = Schema.Add("MessagingConfig", `
 `)
 
 type MessagingConfig struct {
-	SMSProvider SMSProvider                `json:"sms_provider,omitempty"`
-	SMS         *SMSConfig                 `json:"sms,omitempty"`
-	Email       *EmailConfig               `json:"email,omitempty"`
-	Whatsapp    *WhatsappConfig            `json:"whatsapp,omitempty"`
-	RateLimits  *MessagingRateLimitsConfig `json:"rate_limits,omitempty"`
+	SMSProvider      SMSProvider                `json:"sms_provider,omitempty"`
+	Deprecated_SMS   *SMSConfig                 `json:"sms,omitempty"`
+	Deprecated_Email *EmailConfig               `json:"email,omitempty"`
+	Whatsapp         *WhatsappConfig            `json:"whatsapp,omitempty"`
+	RateLimits       *MessagingRateLimitsConfig `json:"rate_limits,omitempty"`
+}
+
+func (c *MessagingConfig) SetDefaults() {
+	c.Deprecated_SMS = nil
+	c.Deprecated_Email = nil
 }
 
 var _ = Schema.Add("SMSProvider", `

pkg/lib/config/testdata/default_config.yaml

@@ -261,16 +261,6 @@ localization:
   fallback_language: en
   supported_languages: ["en"]
 messaging:
-  sms:
-    ratelimit:
-      per_phone:
-        enabled: false
-      per_ip:
-        enabled: false
-      resend_cooldown_seconds: 60
-  email:
-    ratelimit:
-      resend_cooldown_seconds: 60
   whatsapp:
     api_type: on-premises
   rate_limits:
@@ -477,10 +467,6 @@ authenticator:
     force_change: true
     policy:
       min_length: 8
-    ratelimit:
-      failed_attempt:
-        size: 10
-        reset_period: 1m
   totp:
     maximum: 99
   oob_otp:
@@ -603,8 +589,6 @@ forgot_password:
         enabled: true
         period: 1m
         burst: 60
-welcome_message:
-  destination: first
 verification:
   claims:
     email:
@@ -615,7 +599,6 @@ verification:
       required: true
   criteria: any
   code_valid_period: 1h0m0s
-  code_expiry_seconds: 3600
   rate_limits:
     email:
       trigger_per_ip: {}
@@ -633,10 +616,6 @@ verification:
         enabled: true
         period: 1m
         burst: 60
-otp:
-  ratelimit:
-    failed_attempt:
-      enabled: false
 web3:
   siwe: {}
   nft: {}

pkg/lib/config/verification.go

@@ -33,21 +33,22 @@ type VerificationConfig struct {
 	Criteria   VerificationCriteria          `json:"criteria,omitempty"`
 	RateLimits *VerificationRateLimitsConfig `json:"rate_limits,omitempty"`
 
-	// CodeExpirySeconds is deprecated
-	CodeExpirySeconds DurationSeconds `json:"code_expiry_seconds,omitempty"`
-	CodeValidPeriod   DurationString  `json:"code_valid_period,omitempty"`
+	Deprecated_CodeExpirySeconds DurationSeconds `json:"code_expiry_seconds,omitempty"`
+	CodeValidPeriod              DurationString  `json:"code_valid_period,omitempty"`
 }
 
 func (c *VerificationConfig) SetDefaults() {
 	if c.Criteria == "" {
 		c.Criteria = VerificationCriteriaAny
 	}
-	if c.CodeExpirySeconds == 0 {
-		c.CodeExpirySeconds = DurationSeconds(3600)
+	if c.Deprecated_CodeExpirySeconds == 0 {
+		c.Deprecated_CodeExpirySeconds = DurationSeconds(3600)
 	}
 	if c.CodeValidPeriod == "" {
-		c.CodeValidPeriod = DurationString(c.CodeExpirySeconds.Duration().String())
+		c.CodeValidPeriod = DurationString(c.Deprecated_CodeExpirySeconds.Duration().String())
 	}
+
+	c.Deprecated_CodeExpirySeconds = 0
 }
 
 var _ = Schema.Add("VerificationClaimsConfig", `

pkg/lib/deps/deps_config.go

@@ -23,9 +23,7 @@ var ConfigDeps = wire.NewSet(
 		"Authenticator",
 		"UserProfile",
 		"ForgotPassword",
-		"WelcomeMessage",
 		"Verification",
-		"OTP",
 		"AccountDeletion",
 		"AccountAnonymization",
 		"Web3",
@@ -44,8 +42,6 @@ var ConfigDeps = wire.NewSet(
 		"OnConflict",
 	),
 	wire.FieldsOf(new(*config.MessagingConfig),
-		"SMS",
-		"Email",
 		"Whatsapp",
 		"RateLimits",
 	),
@@ -64,7 +60,6 @@ var ConfigDeps = wire.NewSet(
 		"OAuth",
 		"AuditLog",
 		"Collaborator",
-		"RateLimit",
 		"RateLimits",
 		"Messaging",
 		"AdminAPI",