Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix: hide hook name #1743

Merged
merged 1 commit into from
Aug 28, 2024
Merged

fix: hide hook name #1743

merged 1 commit into from
Aug 28, 2024

Conversation

J0
Copy link
Contributor

@J0 J0 commented Aug 27, 2024

What kind of change does this PR introduce?

The HookName is generated from the Postgres URI and used internally to invoke the hook.

Context: #1734 (comment)

Since it's for internal use, we don't expose it similar to what we do with encryption key and other similar fields.

This is fine since we don't marshal the extensibility point.

Testing setup

We don't marshal the struct so it should be fine but for additional sanity check ran this locally:

GOTRUE_HOOK_CUSTOM_ACCESS_TOKEN_ENABLED="true"
GOTRUE_HOOK_CUSTOM_ACCESS_TOKEN_URI="pg-functions://postgres/public/custom_access_token_hook"
create or replace function public.custom_access_token_hook(event jsonb)
returns jsonb
language plpgsql
as $$
  declare
    claims jsonb;
  begin
   

    -- Proceed only if the user is an admin
      claims := event->'claims';

      -- Check if 'user_metadata' exists in claims
      if jsonb_typeof(claims->'user_metadata') is null then
        -- If 'user_metadata' does not exist, create an empty object
        claims := jsonb_set(claims, '{user_metadata}', '{}');
      end if;

      -- Set a claim of 'admin'
      claims := jsonb_set(claims, '{user_metadata, admin}', 'true');

      -- Update the 'claims' object in the original event
      event := jsonb_set(event, '{claims}', claims);

    -- Return the modified or original event
    return event;
  end;
$$;

grant execute
  on function public.custom_access_token_hook
  to supabase_auth_admin;

revoke execute
  on function public.custom_access_token_hook
  from authenticated, anon, public;

grant usage on schema public to supabase_auth_admin;

@J0 J0 requested a review from a team as a code owner August 27, 2024 10:48
@coveralls
Copy link

Pull Request Test Coverage Report for Build 10576651781

Details

  • 0 of 0 changed or added relevant lines in 0 files are covered.
  • No unchanged relevant lines lost coverage.
  • Overall coverage remained the same at 57.972%

Totals Coverage Status
Change from base Build 10553378997: 0.0%
Covered Lines: 9210
Relevant Lines: 15887

💛 - Coveralls

@J0 J0 merged commit 7e38f4c into master Aug 28, 2024
3 checks passed
@J0 J0 deleted the j0/hide_hook_name branch August 28, 2024 17:26
kangmingtay pushed a commit that referenced this pull request Aug 28, 2024
🤖 I have created a release *beep* *boop*
---


##
[2.159.2](v2.159.1...v2.159.2)
(2024-08-28)


### Bug Fixes

* allow anonymous user to update password
([#1739](#1739))
([2d51956](2d51956))
* hide hook name ([#1743](#1743))
([7e38f4c](7e38f4c))
* remove server side cookie token methods
([#1742](#1742))
([c6efec4](c6efec4))

---
This PR was generated with [Release
Please](https://github.com/googleapis/release-please). See
[documentation](https://github.com/googleapis/release-please#release-please).

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
uxodb pushed a commit to uxodb/auth that referenced this pull request Nov 13, 2024
## What kind of change does this PR introduce?

The HookName is generated from the Postgres URI and used internally to
invoke the hook.

Context:
supabase#1734 (comment)

Since it's for internal use, we don't expose it similar to what we do
with [encryption
key](https://github.com/supabase/auth/compare/j0/hide_hook_name?expand=1#diff-4c28cb40881781a1067b3b3681c43f805dab629f31f3c7614b0f781ffa096505L457)
and other similar fields.

This is fine since we don't marshal the extensibility point.

## Testing setup

We don't marshal the struct so it should be fine but for additional
sanity check ran this locally:
```
GOTRUE_HOOK_CUSTOM_ACCESS_TOKEN_ENABLED="true"
GOTRUE_HOOK_CUSTOM_ACCESS_TOKEN_URI="pg-functions://postgres/public/custom_access_token_hook"
```

```
create or replace function public.custom_access_token_hook(event jsonb)
returns jsonb
language plpgsql
as $$
  declare
    claims jsonb;
  begin
   

    -- Proceed only if the user is an admin
      claims := event->'claims';

      -- Check if 'user_metadata' exists in claims
      if jsonb_typeof(claims->'user_metadata') is null then
        -- If 'user_metadata' does not exist, create an empty object
        claims := jsonb_set(claims, '{user_metadata}', '{}');
      end if;

      -- Set a claim of 'admin'
      claims := jsonb_set(claims, '{user_metadata, admin}', 'true');

      -- Update the 'claims' object in the original event
      event := jsonb_set(event, '{claims}', claims);

    -- Return the modified or original event
    return event;
  end;
$$;

grant execute
  on function public.custom_access_token_hook
  to supabase_auth_admin;

revoke execute
  on function public.custom_access_token_hook
  from authenticated, anon, public;

grant usage on schema public to supabase_auth_admin;
```
uxodb pushed a commit to uxodb/auth that referenced this pull request Nov 13, 2024
🤖 I have created a release *beep* *boop*
---


##
[2.159.2](supabase/auth@v2.159.1...v2.159.2)
(2024-08-28)


### Bug Fixes

* allow anonymous user to update password
([supabase#1739](supabase#1739))
([2d51956](supabase@2d51956))
* hide hook name ([supabase#1743](supabase#1743))
([7e38f4c](supabase@7e38f4c))
* remove server side cookie token methods
([supabase#1742](supabase#1742))
([c6efec4](supabase@c6efec4))

---
This PR was generated with [Release
Please](https://github.com/googleapis/release-please). See
[documentation](https://github.com/googleapis/release-please#release-please).

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
LashaJini pushed a commit to LashaJini/auth that referenced this pull request Nov 13, 2024
## What kind of change does this PR introduce?

The HookName is generated from the Postgres URI and used internally to
invoke the hook.

Context:
supabase#1734 (comment)

Since it's for internal use, we don't expose it similar to what we do
with [encryption
key](https://github.com/supabase/auth/compare/j0/hide_hook_name?expand=1#diff-4c28cb40881781a1067b3b3681c43f805dab629f31f3c7614b0f781ffa096505L457)
and other similar fields.

This is fine since we don't marshal the extensibility point.

## Testing setup

We don't marshal the struct so it should be fine but for additional
sanity check ran this locally:
```
GOTRUE_HOOK_CUSTOM_ACCESS_TOKEN_ENABLED="true"
GOTRUE_HOOK_CUSTOM_ACCESS_TOKEN_URI="pg-functions://postgres/public/custom_access_token_hook"
```

```
create or replace function public.custom_access_token_hook(event jsonb)
returns jsonb
language plpgsql
as $$
  declare
    claims jsonb;
  begin
   

    -- Proceed only if the user is an admin
      claims := event->'claims';

      -- Check if 'user_metadata' exists in claims
      if jsonb_typeof(claims->'user_metadata') is null then
        -- If 'user_metadata' does not exist, create an empty object
        claims := jsonb_set(claims, '{user_metadata}', '{}');
      end if;

      -- Set a claim of 'admin'
      claims := jsonb_set(claims, '{user_metadata, admin}', 'true');

      -- Update the 'claims' object in the original event
      event := jsonb_set(event, '{claims}', claims);

    -- Return the modified or original event
    return event;
  end;
$$;

grant execute
  on function public.custom_access_token_hook
  to supabase_auth_admin;

revoke execute
  on function public.custom_access_token_hook
  from authenticated, anon, public;

grant usage on schema public to supabase_auth_admin;
```
LashaJini pushed a commit to LashaJini/auth that referenced this pull request Nov 13, 2024
🤖 I have created a release *beep* *boop*
---


##
[2.159.2](supabase/auth@v2.159.1...v2.159.2)
(2024-08-28)


### Bug Fixes

* allow anonymous user to update password
([supabase#1739](supabase#1739))
([2d51956](supabase@2d51956))
* hide hook name ([supabase#1743](supabase#1743))
([7e38f4c](supabase@7e38f4c))
* remove server side cookie token methods
([supabase#1742](supabase#1742))
([c6efec4](supabase@c6efec4))

---
This PR was generated with [Release
Please](https://github.com/googleapis/release-please). See
[documentation](https://github.com/googleapis/release-please#release-please).

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
LashaJini pushed a commit to LashaJini/auth that referenced this pull request Nov 15, 2024
## What kind of change does this PR introduce?

The HookName is generated from the Postgres URI and used internally to
invoke the hook.

Context:
supabase#1734 (comment)

Since it's for internal use, we don't expose it similar to what we do
with [encryption
key](https://github.com/supabase/auth/compare/j0/hide_hook_name?expand=1#diff-4c28cb40881781a1067b3b3681c43f805dab629f31f3c7614b0f781ffa096505L457)
and other similar fields.

This is fine since we don't marshal the extensibility point.

## Testing setup

We don't marshal the struct so it should be fine but for additional
sanity check ran this locally:
```
GOTRUE_HOOK_CUSTOM_ACCESS_TOKEN_ENABLED="true"
GOTRUE_HOOK_CUSTOM_ACCESS_TOKEN_URI="pg-functions://postgres/public/custom_access_token_hook"
```

```
create or replace function public.custom_access_token_hook(event jsonb)
returns jsonb
language plpgsql
as $$
  declare
    claims jsonb;
  begin
   

    -- Proceed only if the user is an admin
      claims := event->'claims';

      -- Check if 'user_metadata' exists in claims
      if jsonb_typeof(claims->'user_metadata') is null then
        -- If 'user_metadata' does not exist, create an empty object
        claims := jsonb_set(claims, '{user_metadata}', '{}');
      end if;

      -- Set a claim of 'admin'
      claims := jsonb_set(claims, '{user_metadata, admin}', 'true');

      -- Update the 'claims' object in the original event
      event := jsonb_set(event, '{claims}', claims);

    -- Return the modified or original event
    return event;
  end;
$$;

grant execute
  on function public.custom_access_token_hook
  to supabase_auth_admin;

revoke execute
  on function public.custom_access_token_hook
  from authenticated, anon, public;

grant usage on schema public to supabase_auth_admin;
```
LashaJini pushed a commit to LashaJini/auth that referenced this pull request Nov 15, 2024
🤖 I have created a release *beep* *boop*
---


##
[2.159.2](supabase/auth@v2.159.1...v2.159.2)
(2024-08-28)


### Bug Fixes

* allow anonymous user to update password
([supabase#1739](supabase#1739))
([2d51956](supabase@2d51956))
* hide hook name ([supabase#1743](supabase#1743))
([7e38f4c](supabase@7e38f4c))
* remove server side cookie token methods
([supabase#1742](supabase#1742))
([c6efec4](supabase@c6efec4))

---
This PR was generated with [Release
Please](https://github.com/googleapis/release-please). See
[documentation](https://github.com/googleapis/release-please#release-please).

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants