Prod deploy

internal/db/reset/reset.go

@@ -54,11 +54,13 @@ func Run(ctx context.Context, version string, config pgconn.Config, fsys afero.F
 		return err
 	}
 	// Seed objects from supabase/buckets directory
-	if err := start.WaitForHealthyService(ctx, 30*time.Second, utils.StorageId); err != nil {
-		return err
-	}
-	if err := buckets.Run(ctx, "", false, fsys); err != nil {
-		return err
+	if utils.Config.Storage.Enabled {
+		if err := start.WaitForHealthyService(ctx, 30*time.Second, utils.StorageId); err != nil {
+			return err
+		}
+		if err := buckets.Run(ctx, "", false, fsys); err != nil {
+			return err
+		}
 	}
 	branch := keys.GetGitBranch(fsys)
 	fmt.Fprintln(os.Stderr, "Finished "+utils.Aqua("supabase db reset")+" on branch "+utils.Aqua(branch)+".")

internal/start/start.go

@@ -512,6 +512,7 @@ EOF
 			fmt.Sprintf("GOTRUE_SECURITY_REFRESH_TOKEN_ROTATION_ENABLED=%v", utils.Config.Auth.EnableRefreshTokenRotation),
 			fmt.Sprintf("GOTRUE_SECURITY_REFRESH_TOKEN_REUSE_INTERVAL=%v", utils.Config.Auth.RefreshTokenReuseInterval),
 			fmt.Sprintf("GOTRUE_SECURITY_MANUAL_LINKING_ENABLED=%v", utils.Config.Auth.EnableManualLinking),
+			fmt.Sprintf("GOTRUE_SECURITY_UPDATE_PASSWORD_REQUIRE_REAUTHENTICATION=%v", utils.Config.Auth.Email.SecurePasswordChange),
 			fmt.Sprintf("GOTRUE_MFA_PHONE_ENROLL_ENABLED=%v", utils.Config.Auth.MFA.Phone.EnrollEnabled),
 			fmt.Sprintf("GOTRUE_MFA_PHONE_VERIFY_ENABLED=%v", utils.Config.Auth.MFA.Phone.VerifyEnabled),
 			fmt.Sprintf("GOTRUE_MFA_TOTP_ENROLL_ENABLED=%v", utils.Config.Auth.MFA.TOTP.EnrollEnabled),

pkg/config/config.go

@@ -290,6 +290,7 @@ type (
 		EnableSignup         bool                     `toml:"enable_signup"`
 		DoubleConfirmChanges bool                     `toml:"double_confirm_changes"`
 		EnableConfirmations  bool                     `toml:"enable_confirmations"`
+		SecurePasswordChange bool                     `toml:"secure_password_change"`
 		Template             map[string]emailTemplate `toml:"template"`
 		Smtp                 smtp                     `toml:"smtp"`
 		MaxFrequency         time.Duration            `toml:"max_frequency"`
@@ -1143,7 +1144,7 @@ func (a *auth) ResolveJWKS(ctx context.Context) (string, error) {
 
 		t := &http.Client{Timeout: 10 * time.Second}
 		client := fetcher.NewFetcher(
-			issuerURL,
+			discoveryURL,
 			fetcher.WithHTTPClient(t),
 			fetcher.WithExpectedStatus(http.StatusOK),
 		)

pkg/config/constants.go

@@ -12,11 +12,11 @@ const (
 	pgmetaImage      = "supabase/postgres-meta:v0.83.2"
 	studioImage      = "supabase/studio:20240729-ce42139"
 	imageProxyImage  = "darthsim/imgproxy:v3.8.0"
-	edgeRuntimeImage = "supabase/edge-runtime:v1.56.1"
+	edgeRuntimeImage = "supabase/edge-runtime:v1.58.2"
 	vectorImage      = "timberio/vector:0.28.1-alpine"
 	supavisorImage   = "supabase/supavisor:1.1.56"
 	gotrueImage      = "supabase/gotrue:v2.158.1"
-	realtimeImage    = "supabase/realtime:v2.30.23"
+	realtimeImage    = "supabase/realtime:v2.30.34"
 	storageImage     = "supabase/storage-api:v1.10.1"
 	logflareImage    = "supabase/logflare:1.4.0"
 	// Append to JobImages when adding new dependencies below

pkg/config/templates/config.toml

@@ -109,6 +109,8 @@ enable_signup = true
 double_confirm_changes = true
 # If enabled, users need to confirm their email address before signing in.
 enable_confirmations = false
+# If enabled, users will need to reauthenticate or have logged in recently to change their password.
+secure_password_change = false
 # Controls the minimum amount of time that must pass before sending another signup confirmation or password reset email.
 max_frequency = "1s"