Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

staging to main - migration to supabase #593

Merged
merged 143 commits into from
May 23, 2023
Merged

staging to main - migration to supabase #593

merged 143 commits into from
May 23, 2023

Conversation

ff6347
Copy link
Collaborator

@ff6347 ff6347 commented May 23, 2023
edited
Loading

This PR will remove Auth0.com as authentication provider and move all auth related logic to Supabase.com

Great thanks go to auth0.com for providing us with a free account for this project. Since we created giessdenkiez.de a lot of things have changed. Our skill-set and team grew a lot, we learned to use several other stacks. We moved away from AWS as provider for our prototypes (only S3 is still in use). We moved our tree database to Supabase. We moved to Next.js with the site and now we are leaving auth0.com in favor of supabase.com

This will make the stack we use way smaller and hopefully increase adoption.

WARNING: This is a BREAKING CHANGE and might introduce new bugs that we did not anticipate during development.

@ff6347
feat(auth): Working auth using supabase
982791e 
With: signup, login, password reset, change password, change email, change username
@ff6347
refactor(api routes): Match routes of new api
2e4261b
@ff6347
refactor: Example error messaging
2d7b9c4
@ff6347
chore: Mark functions as deprecated
65a0da2
@ff6347
refactor(getUserData): User data exists already
5ddf090
@ff6347
refactor(getUserData): User data exists already
145b8a2
@ff6347
refactor: Remove from deprecated functions
c486379
@ff6347
feat(hooks): Add supabase hooks
a10479e 
Use supabase in all hooks
@ff6347
feat: Redirect to auth component
d68c0f0
@ff6347
feat: Logged in user can delete their account
fb15959
@ff6347
docs: Remoce Auth0 credentials from env.example
a1e6eb8
@ff6347
docs: Update .env.example with SUPABASE vars
4ff63ee
@ff6347
fix: Error paste sql function
1f6c722
@ff6347
feat: Update username on trees_watered
8124ca0 
Somehow the trigger function only works on sql console
@ff6347
chore: Remove unneccesary code
76230ee 
The update of the username happens within the DB using triggers
on the profile table. It did not work because the RLS did not allow the
user to make changes to the trees_watered table on update
@ff6347
refactor(auth): Split large component
57dd738 
Move into smaller ones and add some styling
@ff6347
refactor: Housekeeping
be534c2
@ff6347
refactor: Remove auth0 context
9729987
@ff6347
fix: Small error. Import React
27d3aa9
@ff6347
refactor: Remove auth0 context
901e215
@ff6347
feat: Add link to auth section
1b57979
@ff6347
refactor: Remove loading state.
066de9d 
Was bound to auth0
@ff6347
feat(Notifications): Make notifictions centralized
e3a9fcc
@ff6347
fix(SidebarProfile): Loading state
b30c915 
@vogelino was right. I was wrong.
@ff6347
feat(Signin): Send user to profile after signin
8cb9190
@ff6347
chore: Housekeeping
1dc21f3
@ff6347
chore: Housekeeping remove auth0 related stuff
aceff6e
@ff6347
chore: Housekeeping
233913f 
Remove all traces of auth0
@ff6347
chore: Use existing session on entry
dee4f44
@ff6347
feat: Add expandable panels
e6e5fb8
ff6347 and others added 21 commits May 10, 2023 17:02
@ff6347
Merge pull request #577 from technologiestiftung/fix/auth-confirm
35f20e0
@raphael-arce
feat: removed error notification on email duplicate
fb4c070 
Signed-off-by: Raphael Arce <raphael.arce@ts.berlin>
@ff6347
Merge pull request #579 from technologiestiftung/feat/remove-error-ms…
4828252 
…g-on-email-duplicate
@ff6347
fix(Quotes): Can't use html entities in string
8c7dc03 
Also remove unused function and tests
@ff6347
fix(Quotes): Replace " and EN quotes with DE quotes
7f4a021
@raphael-arce
Merge pull request #580 from technologiestiftung/fix/quotes
b2a9414 
fix/quotes
@ff6347
Merge branch 'feat/auth-via-supabase' of github.com:technologiestiftu…
033c3e2 
…ng/giessdenkiez-de into feat/auth-via-supabase
@ff6347
test: remove webcrypto modul
bcf3ec9 
According to git history this was added for auth0
It also broke all tests locally
@ff6347
Merge pull request #582 from technologiestiftung/test/remove-webcrypto
de30fc4
@raphael-arce
feat: added idea folder to gitignore
a07baa4 
Signed-off-by: Raphael Arce <raphael.arce@ts.berlin>
@raphael-arce
chore: upgraded supabase libs to latest version
2dec7aa 
Signed-off-by: Raphael Arce <raphael.arce@ts.berlin>
@raphael-arce
fix: moved password recovery to an own page
4534f07 
Signed-off-by: Raphael Arce <raphael.arce@ts.berlin>
@ff6347
chore: Update database types
52efc67 
Related to PR
technologiestiftung/giessdenkiez-de-postgres-api#222
@ff6347
Merge pull request #583 from technologiestiftung/fix/password-recover…
fb9ffe8 
…y-form-not-shown
@raphael-arce
Merge pull request #584 from technologiestiftung/chore/update-databas…
c9faaaf 
…e-types

chore: Update database types
@raphael-arce
chore: downgraded supabase/auth-helpers-nextjs because of incompatibi…
6948cc8 
…lity with current jest setup

Signed-off-by: Raphael Arce <raphael.arce@ts.berlin>
@raphael-arce
feat: add notification placeholder to improve visual stability
3ca61fc 
Signed-off-by: Raphael Arce <raphael.arce@ts.berlin>
@ff6347
Merge branch 'staging' into feat/auth-via-supabase
99cecf3
@ff6347
Merge branch 'feat/auth-via-supabase' into feat/use-fixed-size-modal
04dfc7c
@ff6347
Merge pull request #587 from technologiestiftung/feat/use-fixed-size-…
80f3d44 
…modal
@ff6347
Merge pull request #555 from technologiestiftung/feat/auth-via-supabase
4621605 
I'm a little scared. Major rewrite
@vercel
Copy link

vercel bot commented May 23, 2023
edited
Loading

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name Status Preview Comments Updated (UTC)
giessdenkiez-de ✅ Ready (Inspect) Visit Preview 💬 Add feedback May 23, 2023 11:05am

@socket-security
Copy link

New dependency changes detected. Learn more about Socket for GitHub ↗︎

🚨 Potential security issues found in this pull request. To accept the risk, merge this PR and you will not be notified again.

Bot Commands

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of package-name@version specifiers. e.g. @SocketSecurity ignore foo@1.0.0 bar@* or ignore all packages with @SocketSecurity ignore-all

  • @SocketSecurity ignore es5-ext@0.10.62
  • @SocketSecurity ignore bufferutil@4.0.7
  • @SocketSecurity ignore utf-8-validate@5.0.10
📜 Install scripts

Install scripts are run when the package is installed. The majority of malware in npm is hidden in install scripts.

Packages should not be running non-essential scripts during install and there are often solutions to problems people solve with install scripts that can be run at publish time instead.

Package Script field Source
es5-ext@0.10.62 (added) postinstall package-lock.json via @supabase/auth-helpers-nextjs@0.6.0, @supabase/auth-helpers-react@0.3.1, @supabase/auth-ui-react@0.4.2
🫣 Native code

Contains native code which could be a vector to obscure malicious code, and generally decrease the likelihood of reproducible or reliable installs.

Ensure that native code bindings are expected. Consumers may consider pure JS and functionally similar alternatives to avoid the challenges and risks associated with native code bindings.

Package Location Source
bufferutil@4.0.7 (added) binding.gyp package-lock.json via @inpyjamas/scripts@0.1.6-alpha, @storybook/react@6.5.13, @supabase/auth-helpers-nextjs@0.6.0, @supabase/auth-helpers-react@0.3.1, @supabase/auth-ui-react@0.4.2, jest-environment-jsdom@29.3.0
utf-8-validate@5.0.10 (added) binding.gyp package-lock.json via @inpyjamas/scripts@0.1.6-alpha, @storybook/react@6.5.13, @supabase/auth-helpers-nextjs@0.6.0, @supabase/auth-helpers-react@0.3.1, @supabase/auth-ui-react@0.4.2, jest-environment-jsdom@29.3.0
🧌 Protestware/Troll package

This package is a joke, parody, or includes undocumented or hidden behavior unrelated to its primary function.

Package Note Source
es5-ext@0.10.62 (added) This package prints a protestware console message on install regarding Ukraine for users with Russian language locale package-lock.json via @supabase/auth-helpers-nextjs@0.6.0, @supabase/auth-helpers-react@0.3.1, @supabase/auth-ui-react@0.4.2
Pull request alert summary
Issue Status
Install scripts ⚠️ 1 issue
Native code ⚠️ 2 issues
Bin script shell injection ✅ 0 issues
Unresolved require ✅ 0 issues
Invalid package.json ✅ 0 issues
HTTP dependency ✅ 0 issues
Git dependency ✅ 0 issues
Potential typo squat ✅ 0 issues
Known Malware ✅ 0 issues
Telemetry ✅ 0 issues
Protestware/Troll package ⚠️ 1 issue

📊 Modified Dependency Overview:

➕ Added Package Capability Access +/- Transitive Count Publisher
@supabase/auth-ui-react@0.4.2 eval, shell +27 kiwicopple
@supabase/auth-helpers-nextjs@0.6.0 eval, shell, environment +24 phamhieu1998
@supabase/auth-helpers-react@0.3.1 eval, shell +22 phamhieu1998

🚮 Removed packages: @auth0/auth0-react@1.9.0, @trust/webcrypto@0.9.2, @types/auth0@2.33.1, deno_ls_plugin@0.1.0, typescript@4.6.3

@ff6347 ff6347 requested a review from raphael-arce May 23, 2023 09:37
@ff6347 ff6347 mentioned this pull request May 23, 2023
Merged
@ff6347 ff6347 merged commit f29af44 into master May 23, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@dnsos dnsos Awaiting requested review from dnsos

@vogelino vogelino Awaiting requested review from vogelino

@raphael-arce raphael-arce Awaiting requested review from raphael-arce

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@ff6347 @dnsos @raphael-arce