├── .circleci └── config.yml ├── .gitignore ├── Dockerfile ├── README.md ├── addDevTag.sh ├── addReleaseTag.sh ├── config.yaml ├── docker-entrypoint.sh ├── helm-chart ├── .helmignore ├── Chart.yaml ├── README.md ├── templates │ ├── NOTES.txt │ ├── _helpers.tpl │ ├── deployment.yaml │ ├── hpa.yaml │ ├── service.yaml │ ├── serviceaccount.yaml │ └── tests │ │ └── test-connection.yaml └── values.yaml ├── pre-commit.sh ├── setupHooks.sh ├── test.sh └── updateReadme.js /.circleci/config.yml: -------------------------------------------------------------------------------- 1 | version: 2.1 2 | orbs: 3 | jq: circleci/jq@2.2.0 4 | slack: circleci/slack@3.4.2 5 | node: circleci/node@4.2.1 6 | jobs: 7 | publish: 8 | machine: 9 | image: ubuntu-2204:2024.01.1 10 | environment: 11 | DOCKER_BUILDKIT: 1 12 | BUILDX_PLATFORMS: linux/amd64,linux/arm64 13 | steps: 14 | - checkout 15 | - jq/install 16 | - node/install 17 | - run: 18 | name: build docker image and test 19 | command: | 20 | ./test.sh 21 | if [[ $? -ne 0 ]]; then exit 1; fi 22 | - run: 23 | name: log in to docker hub 24 | command: | 25 | docker login -u $DOCKER_USER -p $DOCKER_PASSWORD 26 | - run: 27 | name: core version tag 28 | command: | 29 | CORE_VERSION=$(cat Dockerfile | grep "ARG CORE_VERSION=" | cut -d'=' -f2 | cut -d'.' -f1,2) 30 | git push origin :refs/tags/${CORE_VERSION} 31 | git fetch --prune --prune-tags 32 | git tag ${CORE_VERSION} 33 | git push origin --tags 34 | - run: 35 | name: create and push docker image for core version tag 36 | command: | 37 | docker run --rm --privileged multiarch/qemu-user-static --reset -p yes 38 | docker buildx create --name multiarch --driver docker-container --use 39 | docker buildx inspect --bootstrap 40 | CORE_VERSION_WITH_PATCH=$(cat Dockerfile | grep "ARG CORE_VERSION=" | cut -d'=' -f2) 41 | CORE_VERSION=$(cat Dockerfile | grep "ARG CORE_VERSION=" | cut -d'=' -f2 | cut -d'.' 
-f1,2) 42 | docker buildx build --platform $BUILDX_PLATFORMS -t supertokens/supertokens-mysql:${CORE_VERSION} -t supertokens/supertokens-mysql:${CORE_VERSION_WITH_PATCH} -o type=image,push=true . 43 | - run: 44 | name: check if is latest core and plugin and push to docker hub if latest 45 | command: | 46 | PLUGIN_VERSION=$(cat Dockerfile | grep "ARG PLUGIN_VERSION=" | cut -d'=' -f2) 47 | CORE_VERSION=$(cat Dockerfile | grep "ARG CORE_VERSION=" | cut -d'=' -f2) 48 | PLUGIN_NAME=$(cat Dockerfile | grep "ARG PLUGIN_NAME=" | cut -d'=' -f2) 49 | response=`curl -s -X GET \ 50 | "https://api.supertokens.io/0/core/latest/check?password=$API_KEY&planType=FREE&version=$CORE_VERSION&allowDev=true" \ 51 | -H 'api-version: 0'` 52 | core_response=`echo $response | jq .isLatest` 53 | response=`curl -s -X GET \ 54 | "https://api.supertokens.io/0/plugin/latest/check?password=$API_KEY&planType=FREE&version=$PLUGIN_VERSION&name=$PLUGIN_NAME&allowDev=true" \ 55 | -H 'api-version: 0'` 56 | plugin_response=`echo $response | jq .isLatest` 57 | if [[ $core_response == "true" ]] && [[ $plugin_response == "true" ]] 58 | then 59 | git push origin :refs/tags/latest 60 | git fetch --prune --prune-tags 61 | git tag latest 62 | git push origin --tags 63 | docker buildx build --platform $BUILDX_PLATFORMS -t supertokens/supertokens-mysql:latest -o type=image,push=true . 64 | token=`curl --location --request POST 'https://hub.docker.com/v2/users/login/' --header 'Content-Type: application/json' --data-raw "{\"username\": \"$DOCKER_USER\", \"password\": \"$DOCKER_PASSWORD\"}" | jq .token | tr -d '"'` 65 | TOKEN=$token node updateReadme.js 66 | fi 67 | - slack/status 68 | test: 69 | machine: 70 | image: ubuntu-2204:2024.01.1 71 | steps: 72 | - checkout 73 | - jq/install 74 | - run: 75 | name: build docker image and test 76 | command: | 77 | ./test.sh 78 | if [[ $? 
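-ne 0 ]]; then exit 1; fi 79 | - slack/status 80 | workflows: 81 | version: 2 82 | tagged-build: 83 | jobs: 84 | - publish: 85 | context: 86 | - slack-notification 87 | - docker-hub 88 | filters: 89 | tags: 90 | only: /v[0-9]+(\.[0-9]+)*/ 91 | branches: 92 | ignore: /.*/ 93 | - test: 94 | context: 95 | - slack-notification 96 | filters: 97 | tags: 98 | only: /dev-v[0-9]+(\.[0-9]+)*/ 99 | branches: 100 | ignore: /.*/ -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | apiPassword -------------------------------------------------------------------------------- /Dockerfile: --------------------------------------------------------------------------------
# ---- Stage 1 (tmp): download and install the SuperTokens core + plugin ----
# Nothing from this stage ships except the two directories copied out below.
FROM ubuntu:bionic-20200219 as tmp
ARG PLUGIN_NAME=mysql
ARG PLAN_TYPE=FREE
ARG CORE_VERSION=10.1.4
ARG PLUGIN_VERSION=8.1.4
RUN apt-get update && apt-get install -y curl zip

# Pick the download flavour from the build architecture; any architecture other
# than arm64 falls back to the plain 'linux' build.
#
# -f makes curl exit non-zero on an HTTP error instead of saving the error body
# as supertokens.zip, so a failed download stops the build at this step rather
# than at `unzip`. -S keeps the error message visible despite -s.
#
# NOTE(review): the archive is executed (./install) without being checked
# against a pinned digest or signature, unlike gosu in the second stage. If a
# checksum is published for this release, verify it before unzip, e.g.
#   echo "<EXPECTED_SHA256_PLACEHOLDER>  supertokens.zip" | sha256sum -c -
RUN OS= && dpkgArch="$(dpkg --print-architecture)" && \
    case "${dpkgArch##*-}" in \
    amd64) OS='linux';; \
    arm64) OS='linux-arm';; \
    *) OS='linux';; \
    esac && \
    curl -o supertokens.zip -fsS -X GET \
    "https://api.supertokens.io/0/app/download?pluginName=$PLUGIN_NAME&os=$OS&mode=DEV&binary=$PLAN_TYPE&targetCore=$CORE_VERSION&targetPlugin=$PLUGIN_VERSION" \
    -H "api-version: 0"
RUN unzip supertokens.zip
RUN cd supertokens && ./install

# ---- Stage 2: runtime image ----
FROM debian:bookworm-slim
# Dedicated unprivileged account; the image runs as this user (see USER below).
RUN groupadd supertokens && useradd -m -s /bin/bash -g supertokens supertokens
RUN apt-get update && apt-get install -y --no-install-recommends gnupg dirmngr && rm -rf /var/lib/apt/lists/*
ENV GOSU_VERSION=1.7
# gosu is fetched together with its detached signature and verified against a
# key pinned by full fingerprint before it is made executable. The entrypoint
# uses it to drop to the supertokens user when the container is started as root.
RUN set -x \
    && apt-get update && apt-get install -y --no-install-recommends ca-certificates wget && rm -rf /var/lib/apt/lists/* \
    && wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture)" \
    && wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture).asc" \
    && export GNUPGHOME="$(mktemp -d)" \
    && gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 \
    && gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu \
    && gpgconf --kill all \
    && rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc \
    && chmod +x /usr/local/bin/gosu \
    && apt-get purge -y --auto-remove ca-certificates wget
COPY --from=tmp --chown=supertokens /usr/lib/supertokens /usr/lib/supertokens
COPY --from=tmp --chown=supertokens /usr/bin/supertokens /usr/bin/supertokens
COPY docker-entrypoint.sh /usr/local/bin/
# Record the MD5 of the shipped config.yaml. docker-entrypoint.sh compares it
# with the file present at start-up to tell whether a custom config was mounted.
# This is a change detector only, not an integrity control.
RUN echo "$(md5sum /usr/lib/supertokens/config.yaml | awk '{ print $1 }')" >> /CONFIG_HASH
RUN ln -s usr/local/bin/docker-entrypoint.sh /entrypoint.sh # backwards compat
EXPOSE 3567
USER "supertokens"
ENTRYPOINT ["docker-entrypoint.sh"]
CMD ["supertokens", "start"]
-------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | ## Quickstart 2 | ```bash 3 | # This will start with an in memory database. 4 | 5 | $ docker run -p 3567:3567 -d registry.supertokens.io/supertokens/supertokens-mysql 6 | ``` 7 | 8 | ## Configuration 9 | You can use your own `config.yaml` file as a shared volume or pass the key-values as environment variables. 10 | 11 | If you do both, only the shared `config.yaml` file will be considered. 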
12 | 13 | #### Using environment variable 14 | Available environment variables 15 | - **Core** 16 | - API\_KEYS 17 | - SUPERTOKENS\_HOST 18 | - SUPERTOKENS\_PORT 19 | - ACCESS\_TOKEN\_VALIDITY 20 | - ACCESS\_TOKEN\_BLACKLISTING 21 | - ACCESS\_TOKEN\_SIGNING\_KEY\_DYNAMIC 22 | - ACCESS\_TOKEN\_DYNAMIC\_SIGNING\_KEY\_UPDATE\_INTERVAL 23 | - REFRESH\_TOKEN\_VALIDITY 24 | - PASSWORD\_RESET\_TOKEN\_LIFETIME 25 | - EMAIL\_VERIFICATION\_TOKEN\_LIFETIME 26 | - INFO\_LOG\_PATH 27 | - ERROR\_LOG\_PATH 28 | - MAX\_SERVER\_POOL\_SIZE 29 | - PASSWORDLESS\_MAX\_CODE\_INPUT\_ATTEMPTS 30 | - PASSWORDLESS\_CODE\_LIFETIME 31 | - DISABLE\_TELEMETRY 32 | - BASE\_PATH 33 | - PASSWORD\_HASHING\_ALG 34 | - ARGON2\_ITERATIONS 35 | - ARGON2\_MEMORY\_KB 36 | - ARGON2\_PARALLELISM 37 | - ARGON2\_HASHING\_POOL\_SIZE 38 | - BCRYPT\_LOG\_ROUNDS 39 | - LOG\_LEVEL 40 | - FIREBASE\_PASSWORD\_HASHING\_POOL\_SIZE 41 | - FIREBASE\_PASSWORD\_HASHING\_SIGNER\_KEY 42 | - IP\_ALLOW\_REGEX 43 | - IP\_DENY\_REGEX 44 | - TOTP\_MAX\_ATTEMPTS 45 | - TOTP\_RATE\_LIMIT\_COOLDOWN\_SEC 46 | - SUPERTOKENS\_SAAS\_LOAD\_ONLY\_CUD 47 | - OAUTH\_PROVIDER\_PUBLIC\_SERVICE\_URL 48 | - OAUTH\_PROVIDER\_ADMIN\_SERVICE\_URL 49 | - OAUTH\_PROVIDER\_CONSENT\_LOGIN\_BASE\_URL 50 | - OAUTH\_PROVIDER\_URL\_CONFIGURED\_IN\_OAUTH\_PROVIDER 51 | - OAUTH\_CLIENT\_SECRET\_ENCRYPTION\_KEY 52 | - BULK\_MIGRATION\_PARALLELISM 53 | - BULK\_MIGRATION\_BATCH\_SIZE 54 | - BULK\_MIGRATION\_CRON\_ENABLED 55 | - WEBAUTHN\_RECOVER\_ACCOUNT\_TOKEN\_LIFETIME 56 | - **MySQL:** 57 | - MYSQL\_CONNECTION\_URI 58 | - MYSQL\_USER 59 | - MYSQL\_PASSWORD 60 | - MYSQL\_CONNECTION\_POOL\_SIZE 61 | - MYSQL\_HOST 62 | - MYSQL\_PORT 63 | - MYSQL\_DATABASE\_NAME 64 | - MYSQL\_TABLE\_NAMES\_PREFIX 65 | - MYSQL\_IDLE\_CONNECTION\_TIMEOUT 66 | - MYSQL\_MINIMUM\_IDLE\_CONNECTIONS 67 | 68 | 69 | ```bash 70 | docker run \ 71 | -p 3567:3567 \ 72 | -e MYSQL_CONNECTION_URI="mysql://username:password@host:port/dbName" \ 73 | -d 
registry.supertokens.io/supertokens/supertokens-mysql 74 | 75 | # OR 76 | 77 | docker run \ 78 | -p 3567:3567 \ 79 | -e MYSQL_USER="mysqlUser" \ 80 | -e MYSQL_HOST="192.168.1.2" \ 81 | -e MYSQL_PORT="3306" \ 82 | -e MYSQL_PASSWORD="password" \ 83 | -d registry.supertokens.io/supertokens/supertokens-mysql 84 | ``` 85 | 86 | #### Using custom config file 87 | - In your `config.yaml` file, please make sure you store the following key / values: 88 | - `core_config_version: 0` 89 | - `host: "0.0.0.0"` 90 | - `mysql_config_version: 0` 91 | - `info_log_path: null` (to log in docker logs) 92 | - `error_log_path: null` (to log in docker logs) 93 | - The path for the `config.yaml` file in the container is `/usr/lib/supertokens/config.yaml` 94 | 95 | ```bash 96 | $ docker run \ 97 | -p 3567:3567 \ 98 | -v /path/to/config.yaml:/usr/lib/supertokens/config.yaml \ 99 | -d registry.supertokens.io/supertokens/supertokens-mysql 100 | ``` 101 | 102 | ## Logging 103 | - By default, all the logs will be available via the `docker logs <container-name>` command. 104 | - You can set up logging to a shared volume by: 105 | - Setting the `info_log_path` and `error_log_path` variables in your `config.yaml` file (or passing the values as env variables). 106 | - Mounting the shared volume for the logging directory. 107 | 108 | ```bash 109 | $ docker run \ 110 | -p 3567:3567 \ 111 | -v /path/to/logsFolder:/home/logsFolder \ 112 | -e INFO_LOG_PATH="/home/logsFolder/info.log" \ 113 | -e ERROR_LOG_PATH="/home/logsFolder/error.log" \ 114 | -e MYSQL_USER="mysqlUser" \ 115 | -e MYSQL_PASSWORD="password" \ 116 | -d registry.supertokens.io/supertokens/supertokens-mysql 117 | ``` 118 | 119 | ## Database setup 120 | - Before you start this container, make sure to initialize your database. 121 | - You do not need to ensure that the MySQL database has started before this container is started. During bootup, SuperTokens will wait for ~1 hour for a MySQL instance to be available. 
122 | - If `MYSQL_USER`, `MYSQL_PASSWORD` and `MYSQL_CONNECTION_URI` are not provided, then SuperTokens will use an in memory database. 123 | 124 | 125 | ## Read-only root fs 126 | - If you wish to run this container with a read-only root filesystem, you can do so. 127 | - The container still needs a temp area, where it can write its stuff, and also needs to be able to execute from there. 128 | - You will have to create a mount for `/lib/supertokens/temp/` 129 | 130 | ```bash 131 | docker run \ 132 | -p 3567:3567 \ 133 | --mount source=/path/on/host/machine,destination=/lib/supertokens/temp/,type=bind \ 134 | --read-only \ 135 | -d registry.supertokens.io/supertokens/supertokens-mysql 136 | ``` 137 | 138 | ```bash 139 | docker run \ 140 | -p 3567:3567 \ 141 | --tmpfs=/lib/supertokens/temp/:exec \ 142 | --read-only \ 143 | -d registry.supertokens.io/supertokens/supertokens-mysql 144 | ``` 145 | 146 | ## Running with tcp keepalive settings 147 | ```bash 148 | docker run \ 149 | -p 3567:3567 \ 150 | --sysctl net.ipv4.tcp_keepalive_time=60 \ 151 | --sysctl net.ipv4.tcp_keepalive_intvl=5 \ 152 | --sysctl net.ipv4.tcp_keepalive_probes=3 \ 153 | -d registry.supertokens.io/supertokens/supertokens-mysql 154 | ``` -------------------------------------------------------------------------------- /addDevTag.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # get version------------ 4 | version=`cat Dockerfile | grep "ARG CORE_VERSION=" | cut -d'=' -f2` 5 | 6 | branch_name="$(git symbolic-ref HEAD 2>/dev/null)" || 7 | branch_name="(unnamed branch)" # detached HEAD 8 | 9 | branch_name=${branch_name##refs/heads/} 10 | 11 | # check if branch is correct based on the version----------- 12 | 13 | if ! [[ $version == $branch_name* ]] 14 | then 15 | RED='\033[0;31m' 16 | NC='\033[0m' # No Color 17 | printf "${RED}Adding tag to wrong branch. 
Stopping process${NC}\n" 18 | exit 1 19 | fi 20 | 21 | git fetch --tags -f 22 | git fetch --prune --prune-tags 23 | 24 | # get current commit hash------------ 25 | if [ $# -eq 0 ] 26 | then 27 | commit_hash=`git log --pretty=format:'%H' -n 1` 28 | else 29 | commit_hash=$1 30 | fi 31 | 32 | 33 | # check if current commit already has a tag or not------------ 34 | 35 | if [[ `git tag -l --points-at $commit_hash` == "" ]] 36 | then 37 | continue=1 38 | else 39 | RED='\033[0;31m' 40 | NC='\033[0m' 41 | printf "${RED}This commit already has a tag. Please remove that and re-run this script${NC}\n" 42 | echo "git tag --delete " 43 | echo "git push --delete origin " 44 | exit 1 45 | fi 46 | 47 | # tag this commit and push it------------ 48 | 49 | git push origin :refs/tags/dev-v$version 50 | git fetch --prune --prune-tags 51 | git tag dev-v$version $commit_hash 52 | git push --tags -------------------------------------------------------------------------------- /addReleaseTag.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # Expects a releasePassword file to be ./ 3 | 4 | # get version------------ 5 | version=`cat Dockerfile | grep "ARG CORE_VERSION=" | cut -d'=' -f2` 6 | 7 | branch_name="$(git symbolic-ref HEAD 2>/dev/null)" || 8 | branch_name="(unnamed branch)" # detached HEAD 9 | 10 | branch_name=${branch_name##refs/heads/} 11 | 12 | git fetch --prune --prune-tags 13 | 14 | 15 | # check that current commit has a dev tag and that it is the correct version 16 | # get current commit hash------------ 17 | if [ $# -eq 0 ] 18 | then 19 | commit_hash=`git log --pretty=format:'%H' -n 1` 20 | else 21 | commit_hash=$1 22 | fi 23 | 24 | 25 | # check if current commit already has a tag or not------------ 26 | currTag=`git tag -l --points-at $commit_hash` 27 | 28 | git tag --delete $currTag 29 | git push --delete origin $currTag 30 | 31 | git push origin :refs/tags/v$version 32 | git fetch --prune --prune-tags 33 | git tag 
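v$version 34 | git push --tags 35 | 36 | password=`cat ./apiPassword` 37 | 38 | PLUGIN_VERSION=$(cat Dockerfile | grep "ARG PLUGIN_VERSION=" | cut -d'=' -f2) 39 | CORE_VERSION=$(cat Dockerfile | grep "ARG CORE_VERSION=" | cut -d'=' -f2) 40 | PLUGIN_NAME=$(cat Dockerfile | grep "ARG PLUGIN_NAME=" | cut -d'=' -f2) 41 | response=`curl -s -X GET \ 42 | "https://api.supertokens.io/0/core/latest/check?password=$password&planType=FREE&version=$CORE_VERSION&allowDev=true" \ 43 | -H 'api-version: 0'` 44 | core_response=`echo $response | jq .isLatest` 45 | response=`curl -s -X GET \ 46 | "https://api.supertokens.io/0/plugin/latest/check?password=$password&planType=FREE&version=$PLUGIN_VERSION&name=$PLUGIN_NAME&allowDev=true" \ 47 | -H 'api-version: 0'` 48 | plugin_response=`echo $response | jq .isLatest` 49 | if [[ $core_response == "true" ]] && [[ $plugin_response == "true" ]] 50 | then 51 | echo "pushing to mater..." 52 | if [[ $branch_name == "(unnamed branch)" ]] 53 | then 54 | git checkout -b forrelease 55 | git merge -s ours master 56 | git checkout master 57 | git merge forrelease 58 | git push 59 | git checkout forrelease 60 | echo "Done! Please delete this branch" 61 | else 62 | git merge -s ours master 63 | git checkout master 64 | git merge origin/$branch_name 65 | git push 66 | git checkout $branch_name 67 | echo "Done!" 68 | fi 69 | fi -------------------------------------------------------------------------------- /config.yaml: -------------------------------------------------------------------------------- 1 | core_config_version: 0 2 | mysql_config_version: 0 3 | mysql_password: "root" 4 | mysql_user: "root" 5 | host: "0.0.0.0" 6 | disable_telemetry: true -------------------------------------------------------------------------------- /docker-entrypoint.sh: --------------------------------------------------------------------------------
#!/bin/bash
#
# Container entrypoint: builds the effective config.yaml in a writable temp
# directory (so the image also works with a read-only root filesystem), maps
# environment variables onto config keys when the shipped config is unmodified,
# and finally execs the requested command (dropping root via gosu if needed).
set -eo pipefail
# -e Exit immediately if a command exits with a non-zero status.
# -o pipefail the return value of a pipeline is the status of the last command
# to exit with a non-zero status, or zero if no command exited with a non-zero status

# MD5 of the config.yaml shipped in the image, recorded at build time.
CONFIG_HASH=$(head -n 1 /CONFIG_HASH)

ERROR="\x1b[1;31m"
DEFAULT="\x1b[0m"

# logging functions
log() {
    local level="$1"; shift
    local type="$1"; shift
    # Fixed format string: only the colour codes are escape-interpreted (%b),
    # so '%' or '\' in the message cannot alter the output.
    printf '[%b%s%b]: %s\n' "$level" "$type" "$DEFAULT" "$*"
}
error_log() {
    log "$ERROR" "$@" >&2
    exit 1
}

# Append "<key>: <value>" to $CONFIG_FILE when the environment variable named
# by $2 is set to a non-empty value.
#
# The value is read through a quoted indirect expansion. The earlier unquoted
# `[ ! -z $VAR ]` form made `[` fail on any value containing whitespace, which
# the surrounding `if` treated as "not set", so the setting (API_KEYS, a
# connection URI, a regex, ...) was silently left out of the config.
#
# NOTE(review): values are written into YAML unquoted. A value containing " #",
# ": " or a line break will not parse as the literal string that was passed;
# confirm how the core parses such values before relying on them for secrets.
append_if_set() {
    local key="$1"
    local var="$2"
    local value="${!var:-}"
    if [ -n "$value" ]; then
        printf '%s: %s\n' "$key" "$value" >> "$CONFIG_FILE"
    fi
}

# Write a log-path setting: the given path (creating the file if it does not
# exist yet) when the variable named by $2 is set, otherwise `null`, which the
# README describes as logging to docker logs.
append_log_path() {
    local key="$1"
    local var="$2"
    local path="${!var:-}"
    if [ -n "$path" ]; then
        if [[ ! -f "$path" ]]; then
            touch "$path"
        fi
        printf '%s: %s\n' "$key" "$path" >> "$CONFIG_FILE"
    else
        printf '%s: null\n' "$key" >> "$CONFIG_FILE"
    fi
}

# if command starts with an option, prepend supertokens start
if [ "${1}" = 'dev' -o "${1}" = "production" -o "${1:0:2}" = "--" ]; then
    set -- supertokens start "$@"
    # check if --foreground option is passed or not
    if [[ "$*" != *--foreground* ]]
    then
        set -- "$@" --foreground
    fi
fi

CONFIG_FILE=/usr/lib/supertokens/config.yaml
TEMP_LOCATION_WHEN_READONLY=/lib/supertokens/temp/
CONFIG_MD5SUM="$(md5sum /usr/lib/supertokens/config.yaml | awk '{ print $1 }')"

# always assuming readonly
# changing where the config file is written
ORIGINAL_CONFIG=$CONFIG_FILE
mkdir -p "$TEMP_LOCATION_WHEN_READONLY"
CONFIG_FILE="${TEMP_LOCATION_WHEN_READONLY}/config.yaml"
# Start from a fresh copy on every boot. Appending (>>) here meant that a
# restarted container, or a temp directory bind-mounted from the host, kept the
# previous run's lines, including old credentials, and produced duplicate keys.
#
# NOTE(review): the generated file can contain api_keys, database credentials
# and signing/encryption keys and is created with the process's default umask.
# When the temp directory is a host bind mount, restrict access to that
# directory on the host.
cat "$ORIGINAL_CONFIG" > "$CONFIG_FILE"

# required by JNA
export _JAVA_OPTIONS="-Djava.io.tmpdir=$TEMP_LOCATION_WHEN_READONLY"

# make sure the CLI knows which config file to pass to the core
set -- "$@" --with-config="$CONFIG_FILE" --with-temp-dir="$TEMP_LOCATION_WHEN_READONLY" --foreground

# Environment variables are applied only when the config is the one shipped in
# the image; a mounted custom config.yaml is used as-is. The MD5 comparison is a
# change detector, not an integrity check.
#
# NOTE(review): the README also lists SUPERTOKENS_HOST and
# BULK_MIGRATION_CRON_ENABLED, which are not mapped below; host is always
# written as 0.0.0.0. Confirm whether that is intended.
if [ "$CONFIG_HASH" = "$CONFIG_MD5SUM" ]
then
    echo "" >> "$CONFIG_FILE"
    echo "host: 0.0.0.0" >> "$CONFIG_FILE"

    append_if_set api_keys API_KEYS
    append_if_set mysql_user MYSQL_USER
    append_if_set mysql_password MYSQL_PASSWORD
    append_if_set port SUPERTOKENS_PORT
    append_if_set access_token_validity ACCESS_TOKEN_VALIDITY
    append_if_set access_token_blacklisting ACCESS_TOKEN_BLACKLISTING
    append_if_set access_token_signing_key_dynamic ACCESS_TOKEN_SIGNING_KEY_DYNAMIC
    append_if_set access_token_dynamic_signing_key_update_interval ACCESS_TOKEN_DYNAMIC_SIGNING_KEY_UPDATE_INTERVAL
    append_if_set password_reset_token_lifetime PASSWORD_RESET_TOKEN_LIFETIME
    append_if_set email_verification_token_lifetime EMAIL_VERIFICATION_TOKEN_LIFETIME
    append_if_set refresh_token_validity REFRESH_TOKEN_VALIDITY
    append_if_set passwordless_max_code_input_attempts PASSWORDLESS_MAX_CODE_INPUT_ATTEMPTS
    append_if_set passwordless_code_lifetime PASSWORDLESS_CODE_LIFETIME
    append_if_set base_path BASE_PATH
    append_if_set password_hashing_alg PASSWORD_HASHING_ALG
    append_if_set argon2_iterations ARGON2_ITERATIONS
    append_if_set argon2_memory_kb ARGON2_MEMORY_KB
    append_if_set argon2_parallelism ARGON2_PARALLELISM
    append_if_set argon2_hashing_pool_size ARGON2_HASHING_POOL_SIZE
    append_if_set bcrypt_log_rounds BCRYPT_LOG_ROUNDS
    append_if_set firebase_password_hashing_signer_key FIREBASE_PASSWORD_HASHING_SIGNER_KEY
    append_if_set firebase_password_hashing_pool_size FIREBASE_PASSWORD_HASHING_POOL_SIZE
    append_if_set log_level LOG_LEVEL
    append_if_set ip_allow_regex IP_ALLOW_REGEX
    append_if_set ip_deny_regex IP_DENY_REGEX
    append_if_set totp_max_attempts TOTP_MAX_ATTEMPTS
    append_if_set totp_rate_limit_cooldown_sec TOTP_RATE_LIMIT_COOLDOWN_SEC
    append_if_set supertokens_saas_secret SUPERTOKENS_SAAS_SECRET
    append_if_set supertokens_max_cdi_version SUPERTOKENS_MAX_CDI_VERSION

    # log paths fall back to `null` when not provided
    append_log_path info_log_path INFO_LOG_PATH
    append_log_path error_log_path ERROR_LOG_PATH

    append_if_set disable_telemetry DISABLE_TELEMETRY
    append_if_set max_server_pool_size MAX_SERVER_POOL_SIZE
    append_if_set mysql_connection_pool_size MYSQL_CONNECTION_POOL_SIZE
    append_if_set mysql_host MYSQL_HOST
    append_if_set mysql_port MYSQL_PORT
    append_if_set mysql_database_name MYSQL_DATABASE_NAME
    append_if_set mysql_table_names_prefix MYSQL_TABLE_NAMES_PREFIX
    append_if_set mysql_connection_uri MYSQL_CONNECTION_URI

    # THE CONFIGS BELOW ARE DEPRECATED----------------

    append_if_set mysql_key_value_table_name MYSQL_KEY_VALUE_TABLE_NAME
    append_if_set mysql_session_info_table_name MYSQL_SESSION_INFO_TABLE_NAME
    append_if_set mysql_emailpassword_users_table_name MYSQL_EMAILPASSWORD_USERS_TABLE_NAME
    append_if_set mysql_emailpassword_pswd_reset_tokens_table_name MYSQL_EMAILPASSWORD_PSWD_RESET_TOKENS_TABLE_NAME
    # key and variable names intentionally differ here (kept as in the original mapping)
    append_if_set mysql_emailpassword_email_verification_tokens_table_name MYSQL_EMAILVERIFICATION_TOKENS_TABLE_NAME
    append_if_set mysql_emailverification_verified_emails_table_name MYSQL_EMAILVERIFICATION_VERIFIED_EMAILS_TABLE_NAME
    append_if_set mysql_thirdparty_users_table_name MYSQL_THIRDPARTY_USERS_TABLE_NAME
    append_if_set mysql_idle_connection_timeout MYSQL_IDLE_CONNECTION_TIMEOUT
    append_if_set mysql_minimum_idle_connections MYSQL_MINIMUM_IDLE_CONNECTIONS
    append_if_set supertokens_saas_load_only_cud SUPERTOKENS_SAAS_LOAD_ONLY_CUD
    append_if_set oauth_provider_public_service_url OAUTH_PROVIDER_PUBLIC_SERVICE_URL
    append_if_set oauth_provider_admin_service_url OAUTH_PROVIDER_ADMIN_SERVICE_URL
    append_if_set oauth_provider_consent_login_base_url OAUTH_PROVIDER_CONSENT_LOGIN_BASE_URL
    append_if_set oauth_provider_url_configured_in_oauth_provider OAUTH_PROVIDER_URL_CONFIGURED_IN_OAUTH_PROVIDER
    append_if_set oauth_client_secret_encryption_key OAUTH_CLIENT_SECRET_ENCRYPTION_KEY
    append_if_set bulk_migration_parallelism BULK_MIGRATION_PARALLELISM
    append_if_set bulk_migration_batch_size BULK_MIGRATION_BATCH_SIZE
    append_if_set webauthn_recover_account_token_lifetime WEBAUTHN_RECOVER_ACCOUNT_TOKEN_LIFETIME
fi

# check if no options has been passed to docker run
# (the argument list was already extended above, so this comparison no longer
# matches; kept for parity with the previous behaviour)
if [[ "$*" == "supertokens start" ]]
then
    set -- "$@" --with-config="$CONFIG_FILE" --foreground
fi

# If container is started as root user, restart as dedicated supertokens user
if [ "$(id -u)" = "0" ] && [ "$1" = 'supertokens' ]; then
    exec gosu supertokens "$@"
else
    exec "$@"
fi
-------------------------------------------------------------------------------- /helm-chart/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 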
4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *.orig 18 | *~ 19 | # Various IDEs 20 | .project 21 | .idea/ 22 | *.tmproj 23 | .vscode/ 24 | -------------------------------------------------------------------------------- /helm-chart/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v2 2 | name: supertokens 3 | description: SuperTokens Core Deployment 4 | 5 | # A chart can be either an 'application' or a 'library' chart. 6 | # 7 | # Application charts are a collection of templates that can be packaged into versioned archives 8 | # to be deployed. 9 | # 10 | # Library charts provide useful utilities or functions for the chart developer. They're included as 11 | # a dependency of application charts to inject those utilities and functions into the rendering 12 | # pipeline. Library charts do not define any templates and therefore cannot be deployed. 13 | type: application 14 | 15 | # This is the chart version. This version number should be incremented each time you make changes 16 | # to the chart and its templates, including the app version. 17 | # Versions are expected to follow Semantic Versioning (https://semver.org/) 18 | version: 0.1.1 19 | 20 | # This is the version number of the application being deployed. This version number should be 21 | # incremented each time you make changes to the application. Versions are not expected to 22 | # follow Semantic Versioning. They should reflect the version the application is using. 23 | # It is recommended to use it with quotes. 
24 | appVersion: "3.12.0" 25 | -------------------------------------------------------------------------------- /helm-chart/README.md: -------------------------------------------------------------------------------- 1 | # supertokens 2 | 3 | ![Version: 0.1.1](https://img.shields.io/badge/Version-0.1.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 3.12.0](https://img.shields.io/badge/AppVersion-3.12.0-informational?style=flat-square) 4 | 5 | SuperTokens Core Deployment 6 | 7 | ## Values 8 | 9 | | Key | Type | Default | Description | 10 | |-----|------|---------|-------------| 11 | | apiKeys.enabled | bool | `false` | enable the use of API Keys with supertokens-core | 12 | | apiKeys.keys | list | `[]` | list of API Keys to load and use with supertokens-core | 13 | | autoscaling.enabled | bool | `false` | enable autoscaling of replicas | 14 | | autoscaling.maxReplicas | int | `100` | maximum replica count when autoscaling | 15 | | autoscaling.minReplicas | int | `1` | minimal replica count when autoscaling | 16 | | autoscaling.targetCPUUtilizationPercentage | int | `80` | target CPU usage before autoscaling | 17 | | database.host | string | `"mysql"` | database host address | 18 | | database.name | string | `"supertokens"` | database name | 19 | | database.password | string | `"supersecretpassword"` | database user password | 20 | | database.port | int | `3306` | database port | 21 | | database.user | string | `"supertokens"` | database username | 22 | | database.connectionPoolSize | int | `5` | maximum mysql connection pool size | 23 | | accessTokenValidity | int | `3600` | Time in seconds for how long an access token is valid for | 24 | | accessTokenBlacklisting | bool | `false` | If true, allows for immediate revocation of any access token. Keep in mind that setting this to true will result in a db query for each API call that requires authentication. 
| 25 | | accessTokenSigningKeyDynamic | bool | `true` | If this is set to true, the JWT (access token) signing key will change every fixed interval of time. | 26 | | accessTokenSigningKeyUpdateInterval | int | `168` | Time in hours for how frequently the JWT (access token) signing key will change. This value only makes sense if "accessTokenSigningKeyDynamic" is true. | 27 | | refreshTokenValidity | int | `144000` | Time in mins for how long a refresh token is valid for. | 28 | | passwordResetTokenLifetime | int | `3600000` | Time in milli-seconds for how long a password reset token is valid for. | 29 | | emailVerificationTokenLifetime | int | `86400000` | Time in milli-seconds for how long an email verification token is valid for. | 30 | | passwordlessMaxCodeInputAttempts | int | `5` | The maximum number of code input attempts per login before the user needs to restart. | 31 | | passwordlessCodeLifetime | int | `900000` | Time in milliseconds for how long a passwordless code is valid for. | 32 | | basePath | string | `""` | base api path | 33 | | disableTelemetry | bool | `false` | enable/disable telemetry | 34 | | maxServerPoolSize | int | `10` | maximum java server pool size | 35 | | fullnameOverride | string | `""` | | 36 | | image.pullPolicy | string | `"IfNotPresent"` | | 37 | | image.repository | string | `"supertokens/supertokens-mysql"` | docker repository | 38 | | image.tag | string | `"3.12"` | Overrides the image tag whose default is the chart appVersion. 
| 39 | | imagePullSecrets | list | `[]` | | 40 | | nameOverride | string | `""` | | 41 | | podAnnotations | object | `{}` | | 42 | | podSecurityContext | object | `{}` | | 43 | | replicaCount | int | `1` | | 44 | | resources | object | `{}` | limit and requests for resources for supertokens-core container | 45 | | securityContext | object | `{}` | | 46 | | serviceAccount.annotations | object | `{}` | Annotations to add to the service account | 47 | | serviceAccount.create | bool | `true` | Specifies whether a service account should be created | 48 | | serviceAccount.name | string | `""` | The name of the service account to use. If not set and create is true, a name is generated using the fullname template | 49 | 50 | ---------------------------------------------- 51 | Autogenerated from chart metadata using [helm-docs v1.7.0](https://github.com/norwoodj/helm-docs/releases/v1.7.0) 52 | -------------------------------------------------------------------------------- /helm-chart/templates/NOTES.txt: -------------------------------------------------------------------------------- 1 | 1. Get the application URL by running these commands: 2 | {{- if contains "NodePort" .Values.service.type }} 3 | export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "supertokens.fullname" . }}) 4 | export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") 5 | echo http://$NODE_IP:$NODE_PORT 6 | {{- else if contains "LoadBalancer" .Values.service.type }} 7 | NOTE: It may take a few minutes for the LoadBalancer IP to be available. 8 | You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "supertokens.fullname" . }}' 9 | export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "supertokens.fullname" . 
}} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}") 10 | echo http://$SERVICE_IP:{{ .Values.service.port }} 11 | {{- else if contains "ClusterIP" .Values.service.type }} 12 | export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "supertokens.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") 13 | export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}") 14 | echo "Visit http://127.0.0.1:8080 to use your application" 15 | kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT 16 | {{- end }} 17 | -------------------------------------------------------------------------------- /helm-chart/templates/_helpers.tpl: -------------------------------------------------------------------------------- 1 | {{/* 2 | Expand the name of the chart. 3 | */}} 4 | {{- define "supertokens.name" -}} 5 | {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} 6 | {{- end }} 7 | 8 | {{/* 9 | Create a default fully qualified app name. 10 | We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). 11 | If release name contains chart name it will be used as a full name. 12 | */}} 13 | {{- define "supertokens.fullname" -}} 14 | {{- if .Values.fullnameOverride }} 15 | {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} 16 | {{- else }} 17 | {{- $name := default .Chart.Name .Values.nameOverride }} 18 | {{- if contains $name .Release.Name }} 19 | {{- .Release.Name | trunc 63 | trimSuffix "-" }} 20 | {{- else }} 21 | {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} 22 | {{- end }} 23 | {{- end }} 24 | {{- end }} 25 | 26 | {{/* 27 | Create chart name and version as used by the chart label. 
28 | */}} 29 | {{- define "supertokens.chart" -}} 30 | {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} 31 | {{- end }} 32 | 33 | {{/* 34 | Common labels 35 | */}} 36 | {{- define "supertokens.labels" -}} 37 | helm.sh/chart: {{ include "supertokens.chart" . }} 38 | {{ include "supertokens.selectorLabels" . }} 39 | {{- if .Chart.AppVersion }} 40 | app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} 41 | {{- end }} 42 | app.kubernetes.io/managed-by: {{ .Release.Service }} 43 | {{- end }} 44 | 45 | {{/* 46 | Selector labels 47 | */}} 48 | {{- define "supertokens.selectorLabels" -}} 49 | app.kubernetes.io/name: {{ include "supertokens.name" . }} 50 | app.kubernetes.io/instance: {{ .Release.Name }} 51 | {{- end }} 52 | 53 | {{/* 54 | Create the name of the service account to use 55 | */}} 56 | {{- define "supertokens.serviceAccountName" -}} 57 | {{- if .Values.serviceAccount.create }} 58 | {{- default (include "supertokens.fullname" .) .Values.serviceAccount.name }} 59 | {{- else }} 60 | {{- default "default" .Values.serviceAccount.name }} 61 | {{- end }} 62 | {{- end }} 63 | -------------------------------------------------------------------------------- /helm-chart/templates/deployment.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: {{ include "supertokens.fullname" . }} 5 | labels: 6 | {{- include "supertokens.labels" . | nindent 4 }} 7 | spec: 8 | {{- if not .Values.autoscaling.enabled }} 9 | replicas: {{ .Values.replicaCount }} 10 | {{- end }} 11 | selector: 12 | matchLabels: 13 | {{- include "supertokens.selectorLabels" . | nindent 6 }} 14 | template: 15 | metadata: 16 | {{- with .Values.podAnnotations }} 17 | annotations: 18 | {{- toYaml . | nindent 8 }} 19 | {{- end }} 20 | labels: 21 | {{- include "supertokens.selectorLabels" . 
| nindent 8 }} 22 | spec: 23 | {{- with .Values.imagePullSecrets }} 24 | imagePullSecrets: 25 | {{- toYaml . | nindent 8 }} 26 | {{- end }} 27 | serviceAccountName: {{ include "supertokens.serviceAccountName" . }} 28 | securityContext: 29 | {{- toYaml .Values.podSecurityContext | nindent 8 }} 30 | containers: 31 | - name: {{ .Chart.Name }} 32 | securityContext: 33 | {{- toYaml .Values.securityContext | nindent 12 }} 34 | image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default "latest" }}" 35 | imagePullPolicy: {{ .Values.image.pullPolicy }} 36 | env: 37 | - name: "MYSQL_DATABASE_NAME" 38 | value: "{{ .Values.database.name }}" 39 | - name: "MYSQL_PORT" 40 | value: "{{ .Values.database.port }}" 41 | - name: "MYSQL_HOST" 42 | value: "{{ .Values.database.host }}" 43 | - name: "MYSQL_PASSWORD" 44 | value: "{{ .Values.database.password }}" 45 | - name: "MYSQL_USER" 46 | value: "{{ .Values.database.user }}" 47 | - name: "SUPERTOKENS_PORT" 48 | value: "3567" 49 | - name: "MYSQL_CONNECTION_POOL_SIZE" 50 | value: {{ .Values.database.connectionPoolSize }} 51 | - name: "ACCESS_TOKEN_VALIDITY" 52 | value: {{ .Values.accessTokenValidity }} 53 | - name: "ACCESS_TOKEN_BLACKLISTING" 54 | value: {{ .Values.accessTokenBlacklisting }} 55 | - name: "ACCESS_TOKEN_SIGNING_KEY_DYNAMIC" 56 | value: {{ .Values.accessTokenSigningKeyDynamic }} 57 | - name: "ACCESS_TOKEN_SIGNING_KEY_UPDATE_INTERVAL" 58 | value: {{ .Values.accessTokenSigningKeyUpdateInterval }} 59 | - name: "REFRESH_TOKEN_VALIDITY" 60 | value: {{ .Values.refreshTokenValidity }} 61 | - name: "PASSWORD_RESET_TOKEN_LIFETIME" 62 | value: {{ .Values.passwordResetTokenLifetime }} 63 | - name: "EMAIL_VERIFICATION_TOKEN_LIFETIME" 64 | value: {{ .Values.emailVerificationTokenLifetime }} 65 | - name: "PASSWORDLESS_MAX_CODE_INPUT_ATTEMPTS" 66 | value: {{ .Values.passwordlessMaxCodeInputAttempts }} 67 | - name: "PASSWORDLESS_CODE_LIFETIME" 68 | value: {{ .Values.passwordlessCodeLifetime }} 69 | - name: "BASE_PATH" 70 | value: 
{{ .Values.basePath }} 71 | - name: "DISABLE_TELEMETRY" 72 | value: {{ .Values.disableTelemetry }} 73 | - name: "MAX_SERVER_POOL_SIZE" 74 | value: {{ .Values.maxServerPoolSize }} 75 | {{- if .Values.apiKeys.enabled }} 76 | - name: "API_KEYS" 77 | value: "{{ join "," .Values.apiKeys.keys }}" 78 | {{- end }} 79 | ports: 80 | - name: http 81 | containerPort: 3567 82 | protocol: TCP 83 | livenessProbe: 84 | httpGet: 85 | path: /hello 86 | port: http 87 | readinessProbe: 88 | httpGet: 89 | path: /hello 90 | port: http 91 | resources: 92 | {{- toYaml .Values.resources | nindent 12 }} 93 | {{- with .Values.nodeSelector }} 94 | nodeSelector: 95 | {{- toYaml . | nindent 8 }} 96 | {{- end }} 97 | {{- with .Values.affinity }} 98 | affinity: 99 | {{- toYaml . | nindent 8 }} 100 | {{- end }} 101 | {{- with .Values.tolerations }} 102 | tolerations: 103 | {{- toYaml . | nindent 8 }} 104 | {{- end }} 105 | -------------------------------------------------------------------------------- /helm-chart/templates/hpa.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.autoscaling.enabled }} 2 | apiVersion: autoscaling/v2beta1 3 | kind: HorizontalPodAutoscaler 4 | metadata: 5 | name: {{ include "supertokens.fullname" . }} 6 | labels: 7 | {{- include "supertokens.labels" . | nindent 4 }} 8 | spec: 9 | scaleTargetRef: 10 | apiVersion: apps/v1 11 | kind: Deployment 12 | name: {{ include "supertokens.fullname" . 
}} 13 | minReplicas: {{ .Values.autoscaling.minReplicas }} 14 | maxReplicas: {{ .Values.autoscaling.maxReplicas }} 15 | metrics: 16 | {{- if .Values.autoscaling.targetCPUUtilizationPercentage }} 17 | - type: Resource 18 | resource: 19 | name: cpu 20 | targetAverageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} 21 | {{- end }} 22 | {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }} 23 | - type: Resource 24 | resource: 25 | name: memory 26 | targetAverageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }} 27 | {{- end }} 28 | {{- end }} 29 | -------------------------------------------------------------------------------- /helm-chart/templates/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: {{ include "supertokens.fullname" . }} 5 | labels: 6 | {{- include "supertokens.labels" . | nindent 4 }} 7 | spec: 8 | type: ClusterIP 9 | ports: 10 | - port: 3567 11 | targetPort: 3567 12 | protocol: TCP 13 | name: http 14 | selector: 15 | {{- include "supertokens.selectorLabels" . | nindent 4 }} 16 | -------------------------------------------------------------------------------- /helm-chart/templates/serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.serviceAccount.create -}} 2 | apiVersion: v1 3 | kind: ServiceAccount 4 | metadata: 5 | name: {{ include "supertokens.serviceAccountName" . }} 6 | labels: 7 | {{- include "supertokens.labels" . | nindent 4 }} 8 | {{- with .Values.serviceAccount.annotations }} 9 | annotations: 10 | {{- toYaml . 
| nindent 4 }} 11 | {{- end }} 12 | {{- end }} 13 | -------------------------------------------------------------------------------- /helm-chart/templates/tests/test-connection.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: "{{ include "supertokens.fullname" . }}-test-connection" 5 | labels: 6 | {{- include "supertokens.labels" . | nindent 4 }} 7 | annotations: 8 | "helm.sh/hook": test 9 | spec: 10 | containers: 11 | - name: wget 12 | image: busybox 13 | command: ['wget'] 14 | args: ['{{ include "supertokens.fullname" . }}:{{ .Values.service.port }}/hello'] 15 | restartPolicy: Never 16 | -------------------------------------------------------------------------------- /helm-chart/values.yaml: -------------------------------------------------------------------------------- 1 | # Default values for supertokens. 2 | # This is a YAML-formatted file. 3 | # Declare variables to be passed into your templates. 4 | 5 | replicaCount: 1 6 | 7 | image: 8 | repository: supertokens/supertokens-mysql 9 | pullPolicy: IfNotPresent 10 | # -- Overrides the image tag whose default is the chart appVersion. 11 | tag: "3.12" 12 | 13 | imagePullSecrets: [] 14 | nameOverride: "" 15 | fullnameOverride: "" 16 | 17 | # Specifies the database settings 18 | database: 19 | # -- database name 20 | name: supertokens 21 | # -- database port 22 | port: 3306 23 | # -- database host address 24 | host: mysql 25 | # -- database username 26 | user: supertokens 27 | # TODO: Move this into a secret 28 | # -- database user password 29 | password: supersecretpassword 30 | 31 | connectionPoolSize: 5 32 | 33 | # -- Time in seconds for how long an access token is valid for 34 | accessTokenValidity: 3600 35 | 36 | # -- If true, allows for immediate revocation of any access token. Keep in mind that setting this to true will result in a db query for each API call that requires authentication. 
37 | accessTokenBlacklisting: false 38 | 39 | # -- If this is set to true, the JWT (access token) signing key will change every fixed interval of time. 40 | accessTokenSigningKeyDynamic: true 41 | 42 | # -- Time in hours for how frequently the JWT (access token) signing key will change. This value only makes sense if "accessTokenSigningKeyDynamic" is true. 43 | accessTokenSigningKeyUpdateInterval: 168 44 | 45 | # -- Time in mins for how long a refresh token is valid for. 46 | refreshTokenValidity: 144000 47 | 48 | # -- Time in milli-seconds for how long a password reset token is valid for. 49 | passwordResetTokenLifetime: 3600000 50 | 51 | # -- Time in milli-seconds for how long an email verification token is valid for. 52 | emailVerificationTokenLifetime: 86400000 53 | 54 | # -- The maximum number of code input attempts per login before the user needs to restart. 55 | passwordlessMaxCodeInputAttempts: 5 56 | 57 | # -- Time in milliseconds for how long a passwordless code is valid for. 58 | passwordlessCodeLifetime: 900000 59 | 60 | basePath: "" 61 | 62 | disableTelemetry: false 63 | 64 | maxServerPoolSize: 10 65 | 66 | apiKeys: 67 | # -- enable the use of API Keys with supertokens-core 68 | enabled: false 69 | # -- list of API Keys to load and use with supertokens-core 70 | keys: [] 71 | 72 | 73 | serviceAccount: 74 | # -- Specifies whether a service account should be created 75 | create: true 76 | # -- Annotations to add to the service account 77 | annotations: {} 78 | # -- The name of the service account to use. 
79 | # If not set and create is true, a name is generated using the fullname template 80 | name: "" 81 | 82 | podAnnotations: {} 83 | 84 | podSecurityContext: {} 85 | # fsGroup: 2000 86 | 87 | securityContext: {} 88 | # capabilities: 89 | # drop: 90 | # - ALL 91 | # readOnlyRootFilesystem: true 92 | # runAsNonRoot: true 93 | # runAsUser: 1000 94 | 95 | # -- limit and requests for resources for supertokens-core container 96 | resources: {} 97 | # We usually recommend not to specify default resources and to leave this as a conscious 98 | # choice for the user. This also increases chances charts run on environments with little 99 | # resources, such as Minikube. If you do want to specify resources, uncomment the following 100 | # lines, adjust them as necessary, and remove the curly braces after 'resources:'. 101 | # limits: 102 | # cpu: 100m 103 | # memory: 128Mi 104 | # requests: 105 | # cpu: 100m 106 | # memory: 128Mi 107 | 108 | autoscaling: 109 | # -- enable autoscaling of replicas 110 | enabled: false 111 | # -- minimal replica count when autoscaling 112 | minReplicas: 1 113 | # -- maximum replica count when autoscaling 114 | maxReplicas: 100 115 | # -- target CPU usage before autoscaling 116 | targetCPUUtilizationPercentage: 80 117 | # targetMemoryUtilizationPercentage: 80 118 | 119 | # nodeSelector: {} 120 | 121 | # tolerations: [] 122 | 123 | # affinity: {} 124 | # podAntiAffinity: 125 | # preferredDuringSchedulingIgnoredDuringExecution: 126 | # - weight: 1 127 | # podAffinityTerm: 128 | # labelSelector: 129 | # matchExpressions: 130 | # - key: "app.kubernetes.io/name" 131 | # operator: In 132 | # values: 133 | # - supertokens 134 | # topologyKey: kubernetes.io/hostname 135 | -------------------------------------------------------------------------------- /pre-commit.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # checks if locally staged changes are 4 | # formatted properly. 
Ignores non-staged 5 | # changes. 6 | # Intended as git pre-commit hook 7 | 8 | #COLOR CODES: 9 | #tput setaf 3 = yellow -> Info 10 | #tput setaf 1 = red -> warning/not allowed commit 11 | #tput setaf 2 = green -> all good!/allowed commit 12 | 13 | echo "" 14 | echo "$(tput setaf 3)Running pre-commit hook ... (you can omit this with --no-verify, but don't)$(tput sgr 0)" 15 | 16 | # get current version---------- 17 | version=`cat Dockerfile | grep -e 'ARG CORE_VERSION='` 18 | while IFS='=' read -ra ADDR; do 19 | counter=0 20 | for i in "${ADDR[@]}"; do 21 | if [ $counter == 1 ] 22 | then 23 | version=$i 24 | fi 25 | counter=$(($counter+1)) 26 | done 27 | done <<< "$version" 28 | 29 | # get git branch name----------- 30 | 31 | branch_name="$(git symbolic-ref HEAD 2>/dev/null)" || 32 | branch_name="(unnamed branch)" # detached HEAD 33 | 34 | branch_name=${branch_name##refs/heads/} 35 | 36 | 37 | # check if branch is correct based on the version----------- 38 | if [ $branch_name == "master" ] 39 | then 40 | YELLOW='\033[1;33m' 41 | NC='\033[0m' # No Color 42 | printf "${YELLOW}committing to MASTER${NC}\n" 43 | elif [[ $version == $branch_name* ]] 44 | then 45 | continue=1 46 | elif ! [[ $branch_name =~ ^[0-9]+.[0-9]+$ ]] 47 | then 48 | YELLOW='\033[1;33m' 49 | NC='\033[0m' # No Color 50 | printf "${YELLOW}Not committing to master or version branches${NC}\n" 51 | else 52 | RED='\033[0;31m' 53 | NC='\033[0m' # No Color 54 | printf "${RED}Pushing to wrong branch. 
Stopping commit${NC}\n" 55 | exit 1 56 | fi -------------------------------------------------------------------------------- /setupHooks.sh: -------------------------------------------------------------------------------- 1 | cp pre-commit.sh .git/hooks/pre-commit && chmod +x .git/hooks/pre-commit -------------------------------------------------------------------------------- /test.sh: -------------------------------------------------------------------------------- 1 | set -e 2 | # build image 3 | docker build -t supertokens-mysql:circleci . 4 | 5 | test_equal () { 6 | if [[ $1 -ne $2 ]] 7 | then 8 | printf "\x1b[1;31merror\x1b[0m from test_equal in $3\n" 9 | exit 1 10 | fi 11 | } 12 | 13 | no_of_running_containers () { 14 | docker ps -q | wc -l 15 | } 16 | 17 | test_hello () { 18 | message=$1 19 | STATUS_CODE=$(curl -I -X GET http://127.0.0.1:3567/hello -o /dev/null -w '%{http_code}\n' -s) 20 | if [[ $STATUS_CODE -ne "200" ]] 21 | then 22 | printf "\x1b[1;31merror\xd1b[0m from test_hello in $message\n" 23 | exit 1 24 | fi 25 | } 26 | 27 | test_session_post () { 28 | message=$1 29 | STATUS_CODE=$(curl -X POST http://127.0.0.1:3567/recipe/session -H "Content-Type: application/json" -d '{ 30 | "userId": "testing", 31 | "userDataInJWT": {}, 32 | "userDataInDatabase": {}, 33 | "enableAntiCsrf": true 34 | }' -o /dev/null -w '%{http_code}\n' -s) 35 | if [[ $STATUS_CODE -ne "200" ]] 36 | then 37 | printf "\x1b[1;31merror\xd1b[0m from test_session_post in $message\n" 38 | exit 1 39 | fi 40 | } 41 | 42 | test_signup_post () { 43 | message=$1 44 | STATUS_CODE=$(curl -X POST http://127.0.0.1:3567/recipe/signup -H "Content-Type: application/json" -d '{ 45 | "email": "testing@testing.test", 46 | "password": "testpassword" 47 | }' -o /dev/null -w '%{http_code}\n' -s) 48 | if [[ $STATUS_CODE -ne "200" ]] 49 | then 50 | printf "\x1b[1;31merror\xd1b[0m from test_signup_post in $message\n" 51 | exit 1 52 | fi 53 | } 54 | 55 | test_signin_post () { 56 | message=$1 57 | 
STATUS_CODE=$(curl -X POST http://127.0.0.1:3567/recipe/signin -H "Content-Type: application/json" -d '{ 58 | "email": "testing@testing.test", 59 | "password": "testpassword" 60 | }' -o /dev/null -w '%{http_code}\n' -s) 61 | if [[ $STATUS_CODE -ne "200" ]] 62 | then 63 | printf "\x1b[1;31merror\xd1b[0m from test_signin_post in $message\n" 64 | exit 1 65 | fi 66 | } 67 | 68 | test_argon2_hash_format () { 69 | message=$1 70 | result=$(docker exec -it mysql mysql -u root -proot "supertokens" -e "select password_hash from emailpassword_users where email = 'testing@testing.test'") 71 | if [[ "$result" != "$argon2"* ]] # doesn't start with $argon2 72 | then 73 | printf "\x1b[1;31merror\xd1b[0m from test_argon2_hash_format in $message\n" 74 | exit 1 75 | fi 76 | } 77 | 78 | test_not_argon2_hash_format () { 79 | message=$1 80 | result=$(docker exec -it mysql mysql -u root -proot "supertokens" -e "select password_hash from emailpassword_users where email = 'testing@testing.test'") 81 | if [[ "$result" =~ \$argon2* ]] # starts with $argon2 82 | then 83 | printf "\x1b[1;31merror\xd1b[0m from test_not_argon2_hash_format in $message\n" 84 | exit 1 85 | fi 86 | } 87 | 88 | 89 | no_of_containers_running_at_start=`no_of_running_containers` 90 | 91 | # start mysql server 92 | docker run -e DISABLE_TELEMETRY=true --rm -d -p 3306:3306 --name mysql -e MYSQL_ROOT_PASSWORD=root mysql 93 | 94 | sleep 26s 95 | 96 | docker exec mysql mysql -u root --password=root -e "CREATE DATABASE supertokens;" 97 | 98 | # setting network options for testing 99 | OS=`uname` 100 | MYSQL_IP=$(ip a | grep -E "([0-9]{1,3}\.){3}[0-9]{1,3}" | grep -v 127.0.0.1 | awk '{ print $2 }' | cut -f2 -d: | head -n1 | grep -o -E "([0-9]{1,3}\.){3}[0-9]{1,3}") 101 | NETWORK_OPTIONS="-p 3567:3567 -e MYSQL_HOST=$MYSQL_IP" 102 | NETWORK_OPTIONS_CONNECTION_URI="-p 3567:3567 -e MYSQL_CONNECTION_URI=mysql://root:root@$MYSQL_IP:3306" 103 | printf "\nmysql_host: \"$MYSQL_IP\"" >> $PWD/config.yaml 104 | 105 | 
#--------------------------------------------------- 106 | # start with no network options 107 | docker run -e DISABLE_TELEMETRY=true --rm -d --name supertokens supertokens-mysql:circleci --no-in-mem-db 108 | 109 | sleep 10s 110 | 111 | test_equal `no_of_running_containers` $((no_of_containers_running_at_start+1)) "start with no network options" 112 | 113 | #--------------------------------------------------- 114 | # start with no network options, but in mem db 115 | docker run -e DISABLE_TELEMETRY=true -p 3567:3567 --rm -d --name supertokens supertokens-mysql:circleci 116 | 117 | sleep 17s 118 | 119 | test_equal `no_of_running_containers` $((no_of_containers_running_at_start+2)) "start with no network options, but in mem db" 120 | 121 | test_hello "start with no network options, but in mem db" 122 | 123 | test_session_post "start with no network options, but in mem db" 124 | 125 | docker rm supertokens -f 126 | 127 | #--------------------------------------------------- 128 | # start with mysql password 129 | docker run -e DISABLE_TELEMETRY=true $NETWORK_OPTIONS -e MYSQL_PASSWORD=root --rm -d --name supertokens supertokens-mysql:circleci --no-in-mem-db 130 | 131 | sleep 10s 132 | 133 | test_equal `no_of_running_containers` $((no_of_containers_running_at_start+1)) "start with mysql password" 134 | 135 | #--------------------------------------------------- 136 | # start with mysql user 137 | docker run -e DISABLE_TELEMETRY=true $NETWORK_OPTIONS -e MYSQL_USER=root --rm -d --name supertokens supertokens-mysql:circleci --no-in-mem-db 138 | 139 | sleep 10s 140 | 141 | test_equal `no_of_running_containers` $((no_of_containers_running_at_start+1)) "start with mysql user" 142 | 143 | #--------------------------------------------------- 144 | # start with mysql user, mysql password 145 | docker run -e DISABLE_TELEMETRY=true $NETWORK_OPTIONS -e MYSQL_USER=root -e MYSQL_PASSWORD=root --rm -d --name supertokens supertokens-mysql:circleci --no-in-mem-db 146 | 147 | sleep 17s 148 
| 149 | test_equal `no_of_running_containers` $((no_of_containers_running_at_start+2)) "start with mysql user, mysql password" 150 | 151 | test_hello "start with mysql user, mysql password" 152 | 153 | test_session_post "start with mysql user, mysql password" 154 | 155 | docker rm supertokens -f 156 | 157 | #--------------------------------------------------- 158 | # start with mysql connectionURI 159 | docker run -e DISABLE_TELEMETRY=true $NETWORK_OPTIONS_CONNECTION_URI --rm -d --name supertokens supertokens-mysql:circleci --no-in-mem-db 160 | 161 | sleep 17s 162 | 163 | test_equal `no_of_running_containers` $((no_of_containers_running_at_start+2)) "start with mysql connectionURI" 164 | 165 | test_hello "start with mysql connectionURI" 166 | 167 | test_session_post "start with mysql connectionURI" 168 | 169 | docker rm supertokens -f 170 | 171 | #--------------------------------------------------- 172 | # start by sharing config.yaml 173 | docker run -e DISABLE_TELEMETRY=true $NETWORK_OPTIONS -v $PWD/config.yaml:/usr/lib/supertokens/config.yaml --rm -d --name supertokens supertokens-mysql:circleci --no-in-mem-db 174 | 175 | sleep 17s 176 | 177 | test_equal `no_of_running_containers` $((no_of_containers_running_at_start+2)) "start by sharing config.yaml" 178 | 179 | test_hello "start by sharing config.yaml" 180 | 181 | test_session_post "start by sharing config.yaml" 182 | 183 | docker rm supertokens -f 184 | 185 | # --------------------------------------------------- 186 | # test info path 187 | #making sure that the user in the container has rights to the mounted volume 188 | mkdir $PWD/sthome 189 | chmod a+rw sthome 190 | 191 | docker run -e DISABLE_TELEMETRY=true $NETWORK_OPTIONS -v $PWD/sthome:/home/supertokens -e MYSQL_USER=root -e MYSQL_PASSWORD=root -e INFO_LOG_PATH=/home/supertokens/info.log -e ERROR_LOG_PATH=/home/supertokens/error.log --rm -d --name supertokens supertokens-mysql:circleci --no-in-mem-db 192 | 193 | sleep 17s 194 | 195 | test_equal 
`no_of_running_containers` $((no_of_containers_running_at_start+2)) "test info path" 196 | 197 | test_hello "test info path" 198 | 199 | test_session_post "test info path" 200 | 201 | if [[ ! -f $PWD/sthome/info.log || ! -f $PWD/sthome/error.log ]] 202 | then 203 | exit 1 204 | fi 205 | 206 | docker rm supertokens -f 207 | 208 | git checkout $PWD/config.yaml 209 | 210 | #--------------------------------------------------- 211 | # test --read-only 212 | docker run --read-only -e DISABLE_TELEMETRY=true $NETWORK_OPTIONS_CONNECTION_URI --tmpfs=/lib/supertokens/temp/:exec --rm -d --name supertokens supertokens-mysql:circleci --no-in-mem-db 213 | 214 | sleep 17s 215 | 216 | test_equal `no_of_running_containers` $((no_of_containers_running_at_start+2)) "test --read-only" 217 | 218 | test_hello "test --read-only" 219 | 220 | test_session_post "test --read-only" 221 | 222 | test_signup_post "test --read-only" 223 | 224 | test_not_argon2_hash_format "test --read-only" 225 | 226 | test_signin_post "test --read-only" 227 | 228 | docker rm supertokens -f 229 | 230 | #--------------------------------------------------- 231 | # test --read-only ARGON2 232 | docker run --read-only -e DISABLE_TELEMETRY=true $NETWORK_OPTIONS_CONNECTION_URI -e PASSWORD_HASHING_ALG=ARGON2 --tmpfs=/lib/supertokens/temp/:exec --rm -d --name supertokens supertokens-mysql:circleci --no-in-mem-db 233 | 234 | sleep 17s 235 | 236 | test_equal `no_of_running_containers` $((no_of_containers_running_at_start+2)) "test --read-only ARGON2" 237 | 238 | test_hello "test --read-only ARGON2" 239 | 240 | test_session_post "test --read-only ARGON2" 241 | 242 | test_signup_post "test --read-only ARGON2" 243 | 244 | test_argon2_hash_format "test --read-only ARGON2" 245 | 246 | test_signin_post "test --read-only ARGON2" 247 | 248 | docker rm supertokens -f 249 | 250 | docker rm mysql -f 251 | 252 | printf "\x1b[1;32m%s\x1b[0m\n" "success" 253 | exit 0 
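// updateReadme.js
//
// Publishes the local README.md as the full description of the
// supertokens/supertokens-mysql repository on Docker Hub.
//
// Input:  ./README.md (read from the current working directory) and the
//         TOKEN environment variable, sent as `Authorization: JWT <TOKEN>`.
// Output: the HTTP status code and response body on stdout. The process
//         exit code is non-zero when the token is missing, the request
//         fails, or Docker Hub answers with a non-2xx status.
//
// The token is a credential: it is only ever placed in the Authorization
// header and is never written to stdout/stderr.
const https = require("https");
const fs = require("fs");

const README = fs.readFileSync("./README.md", { encoding: "utf-8" });
const data = JSON.stringify({
    full_description: README,
    description: "Docker image for SuperTokens with MySQL",
});

const token = process.env.TOKEN;
// A caller that extracts the token with `jq .token | tr -d '"'` ends up with
// the literal string "null" when the login response carries no token, so
// treat that the same as an unset variable instead of sending a request
// that can only be rejected.
if (!token || token === "null") {
    console.error("TOKEN is not set; not sending the README update");
    process.exit(1);
}

const options = {
    hostname: "hub.docker.com",
    port: 443,
    path: "/v2/repositories/supertokens/supertokens-mysql/",
    method: "PATCH",
    headers: {
        "Content-Type": "application/json",
        // Content-Length is a byte count. `data.length` counts UTF-16 code
        // units and under-reports the size as soon as the README contains a
        // non-ASCII character, which truncates the JSON body on the wire.
        "Content-Length": Buffer.byteLength(data),
        "Authorization": `JWT ${token}`,
    },
};

const req = https.request(options, (res) => {
    console.log(`statusCode: ${res.statusCode}`);

    res.on("data", (chunk) => {
        process.stdout.write(chunk);
    });

    res.on("end", () => {
        // Surface a rejected update (expired token, missing permission, ...)
        // to the calling job instead of exiting 0.
        if (res.statusCode < 200 || res.statusCode >= 300) {
            process.exitCode = 1;
        }
    });
});

req.on("error", (error) => {
    console.error(error);
    process.exitCode = 1;
});

req.write(data);
req.end();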