Created
March 26, 2025 08:53
-
-
Save encima/76866590109233911eca5bdd8e726af7 to your computer and use it in GitHub Desktop.
Supabaase Management API to config - pulling from the Management API to match the config.toml reference
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| set -e | |
| # Default values | |
| OUTPUT_FILE="config.toml" | |
| # Function to display usage information | |
| usage() { | |
| echo "Usage: $0 --ref <project_ref> [--token <access_token>] [--output <output_file>]" | |
| echo | |
| echo "Options:" | |
| echo " --ref Supabase project reference (required)" | |
| echo " --token Supabase access token (if not provided, will use SUPABASE_ACCESS_TOKEN env var)" | |
| echo " --output Output file path (default: config.toml)" | |
| echo | |
| exit 1 | |
| } | |
| # Parse command line arguments | |
| while [[ $# -gt 0 ]]; do | |
| case $1 in | |
| --ref) | |
| PROJECT_REF="$2" | |
| shift 2 | |
| ;; | |
| --token) | |
| ACCESS_TOKEN="$2" | |
| shift 2 | |
| ;; | |
| --output) | |
| OUTPUT_FILE="$2" | |
| shift 2 | |
| ;; | |
| *) | |
| usage | |
| ;; | |
| esac | |
| done | |
| auth_providers=("apple" "azure" "bitbucket" "google" "slack" "spotify") | |
| # Check params | |
| if [ -z "$PROJECT_REF" ]; then | |
| echo "Error: Project reference (--ref) is required" | |
| usage | |
| fi | |
| # Check for env var | |
| if [ -z "$ACCESS_TOKEN" ]; then | |
| ACCESS_TOKEN="$SUPABASE_ACCESS_TOKEN" | |
| if [ -z "$ACCESS_TOKEN" ]; then | |
| echo "Error: No access token provided. Either use --token or set SUPABASE_ACCESS_TOKEN environment variable." | |
| exit 1 | |
| fi | |
| fi | |
| echo "Fetching auth configuration for project: $PROJECT_REF" | |
| AUTH_CONFIG=$(curl -s -H "Authorization: Bearer $ACCESS_TOKEN" \ | |
| -H "Content-Type: application/json" \ | |
| "https://api.supabase.com/v1/projects/$PROJECT_REF/config/auth") | |
| if [[ "$AUTH_CONFIG" == *"error"* ]]; then | |
| echo "Error: Failed to fetch auth configuration" | |
| echo "$AUTH_CONFIG" | |
| exit 1 | |
| fi | |
| get_json_value() { | |
| local key="$1" | |
| local default="$2" | |
| local value=$(echo "$AUTH_CONFIG" | jq -r ".$key // \"$default\"") | |
| if [ "$value" = "null" ]; then | |
| echo "$default" | |
| else | |
| echo "$value" | |
| fi | |
| } | |
| mkdir -p "$(dirname "$OUTPUT_FILE")" | |
| # Create TOML file | |
| cat > "$OUTPUT_FILE" << EOL | |
| # Supabase configuration file | |
| # Generated on $(date) | |
| [auth] | |
| site_url = "$(get_json_value "site_url" "")" | |
| additional_redirect_urls = "" | |
| jwt_expiry = $(get_json_value "jwt_exp" "3600") | |
| enable_refresh_token_rotation = $(get_json_value "refresh_token_rotation_enabled" "false") | |
| refresh_token_reuse_interval = $(get_json_value "security_refresh_token_reuse_interval" "10") | |
| enable_signup = $([ "$(get_json_value "disable_signup" "false")" = "true" ] && echo "false" || echo "true") | |
| [auth.email] | |
| enable_signup = $(get_json_value "external_email_enabled" "true") | |
| double_confirm_changes = $(get_json_value "mailer_secure_email_change_enabled" "true") | |
| enable_confirmations = $([ "$(get_json_value "mailer_autoconfirm" "false")" = "true" ] && echo "false" || echo "true") | |
| [auth.sms] | |
| enable_signup = $(get_json_value "external_phone_enabled" "true") | |
| enable_confirmations = $([ "$(get_json_value "sms_autoconfirm" "false")" = "true" ] && echo "false" || echo "true") | |
| EOL | |
| # Add SMTP configuration if present | |
| if [ "$(get_json_value "smtp_host" "")" != "" ]; then | |
| cat >> "$OUTPUT_FILE" << EOL | |
| [auth.smtp] | |
| host = "$(get_json_value "smtp_host" "")" | |
| port = "$(get_json_value "smtp_port" "")" | |
| user = "$(get_json_value "smtp_user" "")" | |
| pass = "$(get_json_value "smtp_pass" "")" | |
| sender_name = "$(get_json_value "smtp_sender_name" "")" | |
| admin_email = "$(get_json_value "smtp_admin_email" "")" | |
| EOL | |
| fi | |
| # Function to add OAuth provider configuration | |
| add_provider_config() { | |
| local provider="$1" | |
| local display_name="$2" # For providers where the config key differs from API key | |
| if [ "$(get_json_value "external_${provider}_enabled" "false")" = "true" ]; then | |
| if [ -z "$display_name" ]; then | |
| display_name="$provider" | |
| fi | |
| cat >> "$OUTPUT_FILE" << EOL | |
| [auth.${display_name}] | |
| enabled = true | |
| client_id = "$(get_json_value "external_${provider}_client_id" "")" | |
| secret = "$(get_json_value "external_${provider}_secret" "")" | |
| EOL | |
| # Add provider-specific fields | |
| if [ "$provider" = "google" ] && [ "$(get_json_value "external_google_skip_nonce_check" "false")" = "true" ]; then | |
| echo "skip_nonce_check = true" >> "$OUTPUT_FILE" | |
| fi | |
| if [[ "$provider" =~ ^(azure|gitlab|keycloak|workos)$ ]] && [ "$(get_json_value "external_${provider}_url" "")" != "" ]; then | |
| echo "url = \"$(get_json_value "external_${provider}_url" "")\"" >> "$OUTPUT_FILE" | |
| fi | |
| fi | |
| } | |
| # Loop through providers | |
| for provider in ${auth_providers[@]} | |
| do | |
| add_provider_config $provider | |
| done | |
| echo "Configuration written to $OUTPUT_FILE" | |
| echo "Done!" | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment