feat: add custom email sender hook

supabase · Mar 26, 2024 · da7b539 · da7b539
1 parent a07fbdc
commit da7b539
Show file tree

Hide file tree

Showing 3 changed files with 36 additions and 9 deletions.
diff --git a/internal/api/mail.go b/internal/api/mail.go
@@ -1,6 +1,7 @@
 package api
 
 import (
+	"github.com/supabase/auth/internal/hooks"
 	"net/http"
 	"strings"
 	"time"
@@ -260,7 +261,7 @@ func (a *API) adminGenerateLink(w http.ResponseWriter, r *http.Request) error {
 	return sendJSON(w, http.StatusOK, resp)
 }
 
-func (a *API) sendConfirmation(r *http.Request, tx *storage.Connection, u *models.User, flowType models.FlowType) error {
+func (a *API) sendConfirmation(r *http.Request, tx *storage.Connection, user *models.User, flowType models.FlowType) error {
 	ctx := r.Context()
 	mailer := a.Mailer()
 	config := a.config
@@ -269,24 +270,38 @@ func (a *API) sendConfirmation(r *http.Request, tx *storage.Connection, u *model
 	referrerURL := utilities.GetReferrer(r, config)
 	externalURL := getExternalHost(ctx)
 	var err error
-	if err := validateSentWithinFrequencyLimit(u.ConfirmationSentAt, maxFrequency); err != nil {
+	if err := validateSentWithinFrequencyLimit(user.ConfirmationSentAt, maxFrequency); err != nil {
 		return err
 	}
-	oldToken := u.ConfirmationToken
+	oldToken := user.ConfirmationToken
 	otp, err := crypto.GenerateOtp(otpLength)
 	if err != nil {
 		// OTP generation must succeeed
 		panic(err)
 	}
-	token := crypto.GenerateTokenHash(u.GetEmail(), otp)
-	u.ConfirmationToken = addFlowPrefixToToken(token, flowType)
+	token := crypto.GenerateTokenHash(user.GetEmail(), otp)
+	user.ConfirmationToken = addFlowPrefixToToken(token, flowType)
 	now := time.Now()
-	if err := mailer.ConfirmationMail(r, u, otp, referrerURL, externalURL); err != nil {
-		u.ConfirmationToken = oldToken
+	if config.Hook.CustomEmailProvider.Enabled {
+		input := hooks.CustomEmailProviderInput{
+			UserID: user.ID,
+			Email:  user.Email.String(),
+			OTP:    otp,
+		}
+		output := hooks.CustomEmailProviderOutput{}
+		err := a.invokeHTTPHook(ctx, r, &input, &output, config.Hook.CustomEmailProvider.URI)
+		if err != nil {
+			return err
+		}
+		return nil
+	}
+
+	if err := mailer.ConfirmationMail(r, user, otp, referrerURL, externalURL); err != nil {
+		user.ConfirmationToken = oldToken
 		return errors.Wrap(err, "Error sending confirmation email")
 	}
-	u.ConfirmationSentAt = &now
-	err = tx.UpdateOnly(u, "confirmation_token", "confirmation_sent_at")
+	user.ConfirmationSentAt = &now
+	err = tx.UpdateOnly(user, "confirmation_token", "confirmation_sent_at")
 	if err != nil {
 		return errors.Wrap(err, "Database error updating user for confirmation")
 	}

diff --git a/internal/conf/configuration.go b/internal/conf/configuration.go
@@ -452,6 +452,7 @@ type HookConfiguration struct {
 	PasswordVerificationAttempt ExtensibilityPointConfiguration `json:"password_verification_attempt" split_words:"true"`
 	CustomAccessToken           ExtensibilityPointConfiguration `json:"custom_access_token" split_words:"true"`
 	CustomSMSProvider           ExtensibilityPointConfiguration `json:"custom_sms_provider" split_words:"true"`
+	CustomEmailProvider         ExtensibilityPointConfiguration `json:"custom_email_provider" split_words:"true"`
 }
 
 type HTTPHookSecrets []string

diff --git a/internal/hooks/auth_hooks.go b/internal/hooks/auth_hooks.go
@@ -150,6 +150,17 @@ type CustomSMSProviderOutput struct {
 	HookError AuthHookError `json:"error,omitempty"`
 }
 
+type CustomEmailProviderInput struct {
+	UserID uuid.UUID `json:"user_id"`
+	Email  string    `json:"email"`
+	OTP    string    `json:"otp"`
+}
+
+type CustomEmailProviderOutput struct {
+	Success   bool          `json:"success"`
+	HookError AuthHookError `json:"error,omitempty"`
+}
+
 func (mf *MFAVerificationAttemptOutput) IsError() bool {
 	return mf.HookError.Message != ""
 }