Merge branch 'master' into add-app-metadata-type

supabase · Jan 14, 2025 · 102b94e · 102b94e
2 parents de9649f + 9748dd9
commit 102b94e
Show file tree

Hide file tree

Showing 6 changed files with 132 additions and 89 deletions.
diff --git a/.github/workflows/dogfooding.yml b/.github/workflows/dogfooding.yml
@@ -0,0 +1,50 @@
+name: Dogfooding Check
+
+on:
+  pull_request_review:
+    types: [submitted, edited]
+
+  pull_request_target:
+    types:
+      - opened
+    branches:
+      - '*'
+
+jobs:
+  check_dogfooding:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+        if: github.event.pull_request.base.ref == 'master' && github.event.pull_request.head.ref == 'release-please--branches--master'
+        with:
+          ref: master # used to identify the latest RC version via git describe --tags --match rc*
+          fetch-depth: 0
+
+      - if: github.event.pull_request.base.ref == 'master' && github.event.pull_request.head.ref == 'release-please--branches--master'
+        run: |
+          set -ex
+
+          # finds the latest RC version on master
+          RELEASE_VERSION=@supabase/auth-js@$(node -e "const a = '$(git describe --tags --match rc*)'.replace(/^rc/, '').split('-'); console.log(a[0] + '-' + a[1]);")
+
+          # use some clever Ruby magic to extract the snapshots['@supabase/auth-js@...'] version from the pnpm-lock.yaml file
+          STUDIO_VERSION=$(curl 'https://raw.githubusercontent.com/supabase/supabase/refs/heads/master/pnpm-lock.yaml' | ruby -e 'require("yaml"); l = YAML.load(STDIN); puts(l["snapshots"].find { |k, v| k.start_with? "@supabase/auth-js" }.first)')
+
+          echo "Expecting RC version $RELEASE_VERSION to be used in Supabase Studio."
+
+          if [ "$STUDIO_VERSION" != "$RELEASE_VERSION" ]
+          then
+            echo "Version in Supabase Studio is not the latest release candidate. Please release this RC first to proof the release before merging this PR."
+            exit 1
+          fi
+
+          echo "Release away!"
+          exit 0
+
+      - if: github.event.pull_request.base.ref != 'master' || github.event.pull_request.head.ref != 'release-please--branches--master'
+        run: |
+          set -ex
+
+          echo "This PR is not subject to dogfooding checks."
+          exit 0
+
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -10,6 +10,7 @@ jobs:
   release_please:
     runs-on: ubuntu-latest
     permissions:
+      id-token: write
       contents: write
       pull-requests: write
     steps:
@@ -102,16 +103,17 @@ jobs:
 
           echo "Publishing auth-js now..."
 
-          npm publish --tag "$DIST_TAG"
+          npm publish --provenance --tag "$DIST_TAG"
 
           echo "Publishing gotrue-js now..."
 
           for f in package.json package-lock.json
           do
-            sed -i 's|\(["/]\)auth-js|\1gotrue-js|g' "$f"
+            # only replace name not repository, homepage, etc.
+            sed -i 's|\("name":[[:space:]]*"@supabase/\)auth-js|\1gotrue-js|g' "$f"
           done
 
-          npm publish --tag "$DIST_TAG"
+          npm publish --provenance --tag "$DIST_TAG"
 
       - name: Create GitHub release and branches
         if: ${{ steps.release.outputs.release_created == 'true' || steps.release.outputs.prs_created == 'true' }}

diff --git a/package.json b/package.json
@@ -20,7 +20,7 @@
   "main": "dist/main/index.js",
   "module": "dist/module/index.js",
   "types": "dist/module/index.d.ts",
-  "repository": "supabase/auth-js",
+  "repository": "github:supabase/auth-js",
   "scripts": {
     "clean": "rimraf dist docs",
     "coverage": "echo \"run npm test\"",

diff --git a/src/GoTrueClient.ts b/src/GoTrueClient.ts
@@ -89,13 +89,11 @@ import type {
   LockFunc,
   UserIdentity,
   SignInAnonymouslyCredentials,
-} from './lib/types'
-import {
   MFAEnrollTOTPParams,
   MFAEnrollPhoneParams,
   AuthMFAEnrollTOTPResponse,
   AuthMFAEnrollPhoneResponse,
-} from './lib/internal-types'
+} from './lib/types'
 
 polyfillGlobalThis() // Make "globalThis" available
 

diff --git a/src/lib/internal-types.ts b/src/lib/internal-types.ts
diff --git a/src/lib/types.ts b/src/lib/types.ts
@@ -1,11 +1,5 @@
 import { AuthError } from './errors'
 import { Fetch } from './fetch'
-import {
-  MFAEnrollTOTPParams,
-  MFAEnrollPhoneParams,
-  AuthMFAEnrollTOTPResponse,
-  AuthMFAEnrollPhoneResponse,
-} from './internal-types'
 
 /** One of the providers supported by GoTrue. */
 export type Provider =
@@ -450,7 +444,7 @@ export interface AdminUserAttributes extends Omit<UserAttributes, 'data'> {
    *
    * Allows you to specify a password hash for the user. This is useful for migrating a user's password hash from another service.
    *
-   * Supports bcrypt and argon2 password hashes.
+   * Supports bcrypt, scrypt (firebase), and argon2 password hashes.
    */
   password_hash?: string
 
@@ -1132,3 +1126,77 @@ export type SignOut = {
    */
   scope?: 'global' | 'local' | 'others'
 }
+
+export type MFAEnrollTOTPParams = {
+  /** The type of factor being enrolled. */
+  factorType: 'totp'
+  /** Domain which the user is enrolled with. */
+  issuer?: string
+  /** Human readable name assigned to the factor. */
+  friendlyName?: string
+}
+export type MFAEnrollPhoneParams = {
+  /** The type of factor being enrolled. */
+  factorType: 'phone'
+  /** Human readable name assigned to the factor. */
+  friendlyName?: string
+  /** Phone number associated with a factor. Number should conform to E.164 format */
+  phone: string
+}
+
+export type AuthMFAEnrollTOTPResponse =
+  | {
+      data: {
+        /** ID of the factor that was just enrolled (in an unverified state). */
+        id: string
+
+        /** Type of MFA factor.*/
+        type: 'totp'
+
+        /** TOTP enrollment information. */
+        totp: {
+          /** Contains a QR code encoding the authenticator URI. You can
+           * convert it to a URL by prepending `data:image/svg+xml;utf-8,` to
+           * the value. Avoid logging this value to the console. */
+          qr_code: string
+
+          /** The TOTP secret (also encoded in the QR code). Show this secret
+           * in a password-style field to the user, in case they are unable to
+           * scan the QR code. Avoid logging this value to the console. */
+          secret: string
+
+          /** The authenticator URI encoded within the QR code, should you need
+           * to use it. Avoid loggin this value to the console. */
+          uri: string
+        }
+        /** Friendly name of the factor, useful for distinguishing between factors **/
+        friendly_name?: string
+      }
+      error: null
+    }
+  | {
+      data: null
+      error: AuthError
+    }
+
+export type AuthMFAEnrollPhoneResponse =
+  | {
+      data: {
+        /** ID of the factor that was just enrolled (in an unverified state). */
+        id: string
+
+        /** Type of MFA factor. */
+        type: 'phone'
+
+        /** Friendly name of the factor, useful for distinguishing between factors **/
+        friendly_name?: string
+
+        /** Phone number of the MFA factor in E.164 format. Used to send messages  */
+        phone: string
+      }
+      error: null
+    }
+  | {
+      data: null
+      error: AuthError
+    }