fix: deprecate hooks (#1421)

## What kind of change does this PR introduce? Follow up to #1417 which removes the code which is involved as well as the environment variables. Should only be merged after #1417 has had time to sit for a few days --------- Co-authored-by: joel <joel@joels-MacBook-Pro.local>
supabase · Feb 15, 2024 · effef1b · effef1b
1 parent 95db770
commit effef1b
Show file tree

Hide file tree

Showing 12 changed files with 1 addition and 660 deletions.
diff --git a/README.md b/README.md
@@ -660,28 +660,6 @@ Default Content (if template is unavailable):
 <p><a href="{{ .ConfirmationURL }}">Change Email</a></p>
 ```
 
-> ⚠️ As of 12th Feb 2024, Webhooks are deprecated and will be removed in the next release. We will be replacing the existing Webhooks implementation with a similar HTTP Hook system in the coming weeks.
-
-`WEBHOOK_URL` - `string`
-
-Url of the webhook receiver endpoint. This will be called when events like `validate`, `signup` or `login` occur.
-
-`WEBHOOK_SECRET` - `string`
-
-Shared secret to authorize webhook requests. This secret signs the [JSON Web Signature](https://tools.ietf.org/html/draft-ietf-jose-json-web-signature-41) of the request. You _should_ use this to verify the integrity of the request. Otherwise others can feed your webhook receiver with fake data.
-
-`WEBHOOK_RETRIES` - `number`
-
-How often Auth should try a failed hook.
-
-`WEBHOOK_TIMEOUT_SEC` - `number`
-
-Time between retries (in seconds).
-
-`WEBHOOK_EVENTS` - `list`
-
-Which events should trigger a webhook. You can provide a comma separated list.
-For example to listen to all events, provide the values `validate,signup,login`.
 
 ### Phone Auth
 

diff --git a/example.env b/example.env
@@ -213,13 +213,6 @@ GOTRUE_OPERATOR_TOKEN="unused-operator-token"
 GOTRUE_RATE_LIMIT_HEADER="X-Forwarded-For"
 GOTRUE_RATE_LIMIT_EMAIL_SENT="100"
 
-# Webhook config
-GOTRUE_WEBHOOK_URL=http://register-lambda:3000/
-GOTRUE_WEBHOOK_SECRET=test_secret
-GOTRUE_WEBHOOK_RETRIES=5
-GOTRUE_WEBHOOK_TIMEOUT_SEC=3
-GOTRUE_WEBHOOK_EVENTS=validate,signup,login
-
 # Cookie config 
 GOTRUE_COOKIE_KEY="sb"
 GOTRUE_COOKIE_DOMAIN="localhost"

diff --git a/internal/api/api.go b/internal/api/api.go
@@ -66,9 +66,6 @@ func (a *API) deprecationNotices(ctx context.Context) {
 	if config.JWT.DefaultGroupName != "" {
 		log.Warn("DEPRECATION NOTICE: GOTRUE_JWT_DEFAULT_GROUP_NAME not supported by Supabase's GoTrue, will be removed soon")
 	}
-	if config.Webhook.URL != "" {
-		log.Warn("DEPRECATION NOTICE: GOTRUE_WEBHOOK_URL not supported by Supabase's GoTrue, all GOTRUE_WEBHOOK related configuration will be removed after v2.139.2")
-	}
 }
 
 // NewAPIWithVersion creates a new REST API using the specified version

diff --git a/internal/api/context.go b/internal/api/context.go
@@ -195,16 +195,6 @@ func getExternalReferrer(ctx context.Context) string {
 	return obj.(string)
 }
 
-// getFunctionHooks reads the request ID from the context.
-func getFunctionHooks(ctx context.Context) map[string][]string {
-	obj := ctx.Value(functionHooksKey)
-	if obj == nil {
-		return map[string][]string{}
-	}
-
-	return obj.(map[string][]string)
-}
-
 // withAdminUser adds the admin user to the context.
 func withAdminUser(ctx context.Context, u *models.User) context.Context {
 	return context.WithValue(ctx, adminUserKey, u)

diff --git a/internal/api/external.go b/internal/api/external.go
@@ -375,10 +375,6 @@ func (a *API) createAccountFromExternalIdentity(tx *storage.Connection, r *http.
 			}); terr != nil {
 				return nil, terr
 			}
-			if terr = triggerEventHooks(ctx, tx, SignupEvent, user, config); terr != nil {
-				return nil, terr
-			}
-
 			// fall through to auto-confirm and issue token
 			if terr = user.Confirm(tx); terr != nil {
 				return nil, internalServerError("Error updating user").WithInternalError(terr)
@@ -410,16 +406,12 @@ func (a *API) createAccountFromExternalIdentity(tx *storage.Connection, r *http.
 		}); terr != nil {
 			return nil, terr
 		}
-		if terr = triggerEventHooks(ctx, tx, LoginEvent, user, config); terr != nil {
-			return nil, terr
-		}
 	}
 
 	return user, nil
 }
 
 func (a *API) processInvite(r *http.Request, ctx context.Context, tx *storage.Connection, userData *provider.UserProvidedData, inviteToken, providerType string) (*models.User, error) {
-	config := a.config
 	user, err := models.FindUserByConfirmationToken(tx, inviteToken)
 	if err != nil {
 		if models.IsNotFoundError(err) {
@@ -467,9 +459,6 @@ func (a *API) processInvite(r *http.Request, ctx context.Context, tx *storage.Co
 	}); err != nil {
 		return nil, err
 	}
-	if err := triggerEventHooks(ctx, tx, SignupEvent, user, config); err != nil {
-		return nil, err
-	}
 
 	// an account with a previously unconfirmed email + password
 	// combination or phone may exist. so now that there is an

diff --git a/internal/api/hook_test.go b/internal/api/hook_test.go