prskr/supabase-operator
1
0
Fork 0
Code Issues 8 Pull requests Projects Releases Packages Wiki Activity Actions
supabase-operator/internal/controlplane/gotrue.go
Peter Kurfer 647f602c79
Some checks failed
Lint / Run on Ubuntu (push) Failing after 2m58s
Details
E2E Tests / Run on Ubuntu (push) Failing after 4m18s
Details
Tests / Run on Ubuntu (push) Failing after 2m39s
Details
feat: basic functionality implemented 
- added Core CRD to manage DB migrations & configuration, PostgREST and
  GoTrue (auth)
- added APIGateway CRD to manage Envoy proxy
- added Dashboard CRD to manage (so far) pg-meta and (soon) studio
  deployments
- implemented basic Envoy control plane based on K8s watcher
2025-01-04 17:07:49 +01:00

76 lines
2 KiB
Go
Raw Blame History

package controlplane
import (
"fmt"
clusterv3 "github.com/envoyproxy/go-control-plane/envoy/config/cluster/v3"
routev3 "github.com/envoyproxy/go-control-plane/envoy/config/route/v3"
matcherv3 "github.com/envoyproxy/go-control-plane/envoy/type/matcher/v3"
"google.golang.org/protobuf/types/known/anypb"
"code.icb4dc0.de/prskr/supabase-operator/internal/supabase"
)
type GoTrueCluster struct {
ServiceCluster
}
func (c *GoTrueCluster) Cluster(instance string) []*clusterv3.Cluster {
if c == nil {
return nil
}
return []*clusterv3.Cluster{c.ServiceCluster.Cluster(fmt.Sprintf("auth@%s", instance), 9999)}
}
func (c *GoTrueCluster) Routes(instance string) []*routev3.Route {
if c == nil {
return nil
}
return []*routev3.Route{
{
Name: "GoTrue (Open) /auth/v1/(callback|verify) -> http://auth:9999/$1",
Match: &routev3.RouteMatch{
PathSpecifier: &routev3.RouteMatch_SafeRegex{
SafeRegex: &matcherv3.RegexMatcher{
Regex: `/auth/v1/(callback|verify|authorize)`,
},
},
},
Action: &routev3.Route_Route{
Route: &routev3.RouteAction{
ClusterSpecifier: &routev3.RouteAction_Cluster{
Cluster: fmt.Sprintf("%s@%s", supabase.ServiceConfig.Auth.Name, instance),
},
RegexRewrite: &matcherv3.RegexMatchAndSubstitute{
Pattern: &matcherv3.RegexMatcher{
Regex: `/auth/v1/(callback|verify|authorize)`,
},
Substitution: `/\1`,
},
},
},
TypedPerFilterConfig: map[string]*anypb.Any{
FilterNameRBAC: MustAny(RBACPerRoute(RBACAllowAllConfig())),
FilterNameJwtAuthn: MustAny(JWTAllowAll()),
},
},
{
Name: "GoTrue: /auth/v1/* -> http://auth:9999/*",
Match: &routev3.RouteMatch{
PathSpecifier: &routev3.RouteMatch_Prefix{
Prefix: "/auth/v1",
},
},
Action: &routev3.Route_Route{
Route: &routev3.RouteAction{
ClusterSpecifier: &routev3.RouteAction_Cluster{
Cluster: fmt.Sprintf("%s@%s", supabase.ServiceConfig.Auth.Name, instance),
},
PrefixRewrite: "/",
},
},
},
}
}
Reference in a new issue View git blame Copy permalink