netlify/gotrue netlify/gotrue

  • Stars
    star
    3,530
  • Rank 12,046 (Top 0.3 %)
  • Language
    Go
  • License
    MIT License
  • Created almost 8 years ago
  • Updated 8 months ago
Twitter logo Share LinkedIn logo Share Facebook logo Share
netlify/gotrue
github

netlify

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

An SWT based API for managing users and issuing SWT tokens.

GoTrue

User management for APIs

GoTrue is a small open-source API written in Golang, that can act as a self-standing API service for handling user registration and authentication for Jamstack projects.

It's based on OAuth2 and JWT and will handle user signup, authentication and custom user data.

Configuration

You may configure GoTrue using either a configuration file named .env, environment variables, or a combination of both. Environment variables are prefixed with GOTRUE_, and will always have precedence over values provided via file.

Top-Level

GOTRUE_SITE_URL=https://example.netlify.com/

SITE_URL - string required

The base URL your site is located at. Currently used in combination with other settings to construct URLs used in emails.

OPERATOR_TOKEN - string Multi-instance mode only

The shared secret with an operator (usually Netlify) for this microservice. Used to verify requests have been proxied through the operator and the payload values can be trusted.

DISABLE_SIGNUP - bool

When signup is disabled the only way to create new users is through invites. Defaults to false, all signups enabled.

GOTRUE_RATE_LIMIT_HEADER - string

Header on which to rate limit the /token endpoint.

API

GOTRUE_API_HOST=localhost
PORT=9999

API_HOST - string

Hostname to listen on.

PORT (no prefix) / API_PORT - number

Port number to listen on. Defaults to 8081.

API_ENDPOINT - string Multi-instance mode only

Controls what endpoint Netlify can access this API on.

REQUEST_ID_HEADER - string

If you wish to inherit a request ID from the incoming request, specify the name in this value.

Database

GOTRUE_DB_DRIVER=mysql
DATABASE_URL=root@localhost/gotrue

DB_DRIVER - string required

Chooses what dialect of database you want. Must be mysql.

DATABASE_URL (no prefix) / DB_DATABASE_URL - string required

Connection string for the database.

DB_NAMESPACE - string

Adds a prefix to all table names.

Migrations Note

Migrations are not applied automatically, so you will need to run them after you've built gotrue.

  • If built locally: ./gotrue migrate
  • Using Docker: docker run --rm gotrue gotrue migrate

Logging

LOG_LEVEL=debug # available without GOTRUE prefix (exception)
GOTRUE_LOG_FILE=/var/log/go/gotrue.log

LOG_LEVEL - string

Controls what log levels are output. Choose from panic, fatal, error, warn, info, or debug. Defaults to info.

LOG_FILE - string

If you wish logs to be written to a file, set log_file to a valid file path.

Opentracing

Currently, only the Datadog tracer is supported.

GOTRUE_TRACING_ENABLED=true
GOTRUE_TRACING_HOST=127.0.0.1
GOTRUE_TRACING_PORT=8126
GOTRUE_TRACING_TAGS="tag1:value1,tag2:value2"
GOTRUE_SERVICE_NAME="gotrue"

TRACING_ENABLED - bool

Whether tracing is enabled or not. Defaults to false.

TRACING_HOST - bool

The tracing destination.

TRACING_PORT - bool

The port for the tracing host.

TRACING_TAGS - string

A comma separated list of key:value pairs. These key value pairs will be added as tags to all opentracing spans.

SERVICE_NAME - string

The name to use for the service.

JSON Web Tokens (JWT)

GOTRUE_JWT_SECRET=supersecretvalue
GOTRUE_JWT_EXP=3600
GOTRUE_JWT_AUD=netlify

JWT_SECRET - string required

The secret used to sign JWT tokens with.

JWT_EXP - number

How long tokens are valid for, in seconds. Defaults to 3600 (1 hour).

JWT_AUD - string

The default JWT audience. Use audiences to group users.

JWT_ADMIN_GROUP_NAME - string

The name of the admin group (if enabled). Defaults to admin.

JWT_DEFAULT_GROUP_NAME - string

The default group to assign all new users to.

External Authentication Providers

We support bitbucket, github, gitlab, and google for external authentication. Use the names as the keys underneath external to configure each separately.

GOTRUE_EXTERNAL_GITHUB_CLIENT_ID=myappclientid
GOTRUE_EXTERNAL_GITHUB_SECRET=clientsecretvaluessssh

No external providers are required, but you must provide the required values if you choose to enable any.

EXTERNAL_X_ENABLED - bool

Whether this external provider is enabled or not

EXTERNAL_X_CLIENT_ID - string required

The OAuth2 Client ID registered with the external provider.

EXTERNAL_X_SECRET - string required

The OAuth2 Client Secret provided by the external provider when you registered.

EXTERNAL_X_REDIRECT_URI - string required for gitlab

The URI a OAuth2 provider will redirect to with the code and state values.

EXTERNAL_X_URL - string

The base URL used for constructing the URLs to request authorization and access tokens. Used by gitlab only. Defaults to https://gitlab.com.

E-Mail

Sending email is not required, but highly recommended for password recovery. If enabled, you must provide the required values below.

GOTRUE_SMTP_HOST=smtp.mandrillapp.com
GOTRUE_SMTP_PORT=587
GOTRUE_SMTP_USER[email protected]
GOTRUE_SMTP_PASS=correcthorsebatterystaple
GOTRUE_SMTP_ADMIN_EMAIL[email protected]
GOTRUE_MAILER_SUBJECTS_CONFIRMATION="Please confirm"

SMTP_ADMIN_EMAIL - string required

The From email address for all emails sent.

SMTP_HOST - string required

The mail server hostname to send emails through.

SMTP_PORT - number required

The port number to connect to the mail server on.

SMTP_USER - string

If the mail server requires authentication, the username to use.

SMTP_PASS - string

If the mail server requires authentication, the password to use.

SMTP_MAX_FREQUENCY - number

Controls the minimum amount of time that must pass before sending another signup confirmation or password reset email. The value is the number of seconds. Defaults to 900 (15 minutes).

MAILER_AUTOCONFIRM - bool

If you do not require email confirmation, you may set this to true. Defaults to false.

MAILER_URLPATHS_INVITE - string

URL path to use in the user invite email. Defaults to /.

MAILER_URLPATHS_CONFIRMATION - string

URL path to use in the signup confirmation email. Defaults to /.

MAILER_URLPATHS_RECOVERY - string

URL path to use in the password reset email. Defaults to /.

MAILER_URLPATHS_EMAIL_CHANGE - string

URL path to use in the email change confirmation email. Defaults to /.

MAILER_SUBJECTS_INVITE - string

Email subject to use for user invite. Defaults to You have been invited.

MAILER_SUBJECTS_CONFIRMATION - string

Email subject to use for signup confirmation. Defaults to Confirm Your Signup.

MAILER_SUBJECTS_RECOVERY - string

Email subject to use for password reset. Defaults to Reset Your Password.

MAILER_SUBJECTS_EMAIL_CHANGE - string

Email subject to use for email change confirmation. Defaults to Confirm Email Change.

MAILER_TEMPLATES_INVITE - string

URL path to an email template to use when inviting a user. SiteURL, Email, and ConfirmationURL variables are available.

Default Content (if template is unavailable):

<h2>You have been invited</h2>

<p>You have been invited to create a user on {{ .SiteURL }}. Follow this link to accept the invite:</p>
<p><a href="{{ .ConfirmationURL }}">Accept the invite</a></p>

MAILER_TEMPLATES_CONFIRMATION - string

URL path to an email template to use when confirming a signup. SiteURL, Email, and ConfirmationURL variables are available.

Default Content (if template is unavailable):

<h2>Confirm your signup</h2>

<p>Follow this link to confirm your user:</p>
<p><a href="{{ .ConfirmationURL }}">Confirm your mail</a></p>

MAILER_TEMPLATES_RECOVERY - string

URL path to an email template to use when resetting a password. SiteURL, Email, and ConfirmationURL variables are available.

Default Content (if template is unavailable):

<h2>Reset Password</h2>

<p>Follow this link to reset the password for your user:</p>
<p><a href="{{ .ConfirmationURL }}">Reset Password</a></p>

MAILER_TEMPLATES_EMAIL_CHANGE - string

URL path to an email template to use when confirming the change of an email address. SiteURL, Email, NewEmail, and ConfirmationURL variables are available.

Default Content (if template is unavailable):

<h2>Confirm Change of Email</h2>

<p>Follow this link to confirm the update of your email from {{ .Email }} to {{ .NewEmail }}:</p>
<p><a href="{{ .ConfirmationURL }}">Change Email</a></p>

WEBHOOK_URL - string

Url of the webhook receiver endpoint. This will be called when events like validate, signup or login occur.

WEBHOOK_SECRET - string

Shared secret to authorize webhook requests. This secret signs the JSON Web Signature of the request. You should use this to verify the integrity of the request. Otherwise others can feed your webhook receiver with fake data.

WEBHOOK_RETRIES - number

How often GoTrue should try a failed hook.

WEBHOOK_TIMEOUT_SEC - number

Time between retries (in seconds).

WEBHOOK_EVENTS - list

Which events should trigger a webhook. You can provide a comma separated list. For example to listen to all events, provide the values validate,signup,login.

Endpoints

GoTrue exposes the following endpoints:

  • GET /settings

    Returns the publicly available settings for this gotrue instance.

    {
  "external": {
    "bitbucket": true,
    "github": true,
    "gitlab": true,
    "google": true
  },
  "disable_signup": false,
  "autoconfirm": false
}

  • POST /signup

    Register a new user with an email and password.

    {
  "email": "[email protected]",
  "password": "secret"
}

    Returns:

    {
  "id": "11111111-2222-3333-4444-5555555555555",
  "email": "[email protected]",
  "confirmation_sent_at": "2016-05-15T20:49:40.882805774-07:00",
  "created_at": "2016-05-15T19:53:12.368652374-07:00",
  "updated_at": "2016-05-15T19:53:12.368652374-07:00"
}

  • POST /invite

    Invites a new user with an email.

    {
  "email": "[email protected]"
}

    Returns:

    {
  "id": "11111111-2222-3333-4444-5555555555555",
  "email": "[email protected]",
  "confirmation_sent_at": "2016-05-15T20:49:40.882805774-07:00",
  "created_at": "2016-05-15T19:53:12.368652374-07:00",
  "updated_at": "2016-05-15T19:53:12.368652374-07:00",
  "invited_at": "2016-05-15T19:53:12.368652374-07:00"
}

  • POST /verify

    Verify a registration or a password recovery. Type can be signup or recovery and the token is a token returned from either /signup or /recover.

    {
  "type": "signup",
  "token": "confirmation-code-delivered-in-email",
  "password": "12345abcdef"
}

    password is required for signup verification if no existing password exists.

    Returns:

    {
  "access_token": "jwt-token-representing-the-user",
  "token_type": "bearer",
  "expires_in": 3600,
  "refresh_token": "a-refresh-token"
}

  • POST /recover

    Password recovery. Will deliver a password recovery mail to the user based on email address.

    {
  "email": "[email protected]"
}

    Returns:

    {}

  • POST /token

    This is an OAuth2 endpoint that currently implements the password, refresh_token, and authorization_code grant types

    grant_type=password&[email protected]&password=secret

    or

    grant_type=refresh_token&refresh_token=my-refresh-token

    Once you have an access token, you can access the methods requiring authentication by settings the Authorization: Bearer YOUR_ACCESS_TOKEN_HERE header.

    Returns:

    {
  "access_token": "jwt-token-representing-the-user",
  "token_type": "bearer",
  "expires_in": 3600,
  "refresh_token": "a-refresh-token"
}

  • GET /user

    Get the JSON object for the logged in user (requires authentication)

    Returns:

    {
  "id": "11111111-2222-3333-4444-5555555555555",
  "email": "[email protected]",
  "confirmation_sent_at": "2016-05-15T20:49:40.882805774-07:00",
  "created_at": "2016-05-15T19:53:12.368652374-07:00",
  "updated_at": "2016-05-15T19:53:12.368652374-07:00"
}

  • PUT /user

    Update a user (Requires authentication). Apart from changing email/password, this method can be used to set custom user data.

    {
  "email": "[email protected]",
  "password": "new-password",
  "data": {
    "key": "value",
    "number": 10,
    "admin": false
  }
}

    Returns:

    {
  "id": "11111111-2222-3333-4444-5555555555555",
  "email": "[email protected]",
  "confirmation_sent_at": "2016-05-15T20:49:40.882805774-07:00",
  "created_at": "2016-05-15T19:53:12.368652374-07:00",
  "updated_at": "2016-05-15T19:53:12.368652374-07:00"
}

  • POST /logout

    Logout a user (Requires authentication).

    This will revoke all refresh tokens for the user. Remember that the JWT tokens will still be valid for stateless auth until they expire.

TODO

  • Schema for custom user data in config file

More Repositories

1

netlify-cms

A Git-based CMS for Static Site Generators
JavaScript
16,192
star
2

staticgen

StaticGen.com, A leaderboard of top open-source static site generators
JavaScript
2,471
star
3

cli

Netlify Command Line Interface
TypeScript
1,543
star
4

gocommerce

A headless e-commerce for JAMstack sites.
Go
1,465
star
5

netlify-identity-widget

A zero config, framework free Netlify Identity widget
JavaScript
735
star
6

next-on-netlify

Build and deploy Next.js applications with Server-Side Rendering on Netlify!
JavaScript
720
star
7

headlesscms.org

Source for headlesscms.org
JavaScript
628
star
8

netlify-lambda

Helps building and serving lambda functions locally and in CI environments
JavaScript
601
star
9

next-runtime

The Next.js Runtime allows Next.js to run on Netlify with zero configuration
TypeScript
575
star
10

functions.netlify.com

Tutorials, examples, workshops and a playground for serverless with Netlify Functions
SCSS
515
star
11

build-image

This is the build image used for running automated builds
Shell
498
star
12

gotrue-js

JavaScript client library for GoTrue
JavaScript
457
star
13

create-react-app-lambda

JavaScript
414
star
14

netlify-faunadb-example

Using FaunaDB with netlify functions
JavaScript
388
star
15

actions

Shell
360
star
16

git-gateway

A Gateway to Git APIs
Go
355
star
17

zip-it-and-ship-it

Intelligently prepare Node.js Lambda functions for deployment
JavaScript
305
star
18

gotell

Netlify Comments is an API and build tool for handling large amounts of comments for JAMstack products
Go
276
star
19

explorers

JavaScript
262
star
20

million-devs

Microsite for the 1 Million Developers announcement.
Vue
250
star
21

netlify-statuskit

Netlify StatusKit is a template to deploy your own Status pages on Netlify.
HTML
237
star
22

open-api

Open API specification of Netlify's API
Go
234
star
23

js-client

A Open-API derived JS + Node.js API client for Netlify
JavaScript
214
star
24

build

Netlify Build (node process) runs the build command, Build Plugins and bundles Netlify Functions. Can be run in Buildbot or locally using Netlify CLI
TypeScript
207
star
25

netlify-plugin-lighthouse

Netlify Plugin to run Lighthouse on each build
JavaScript
198
star
26

netlifyctl

Go
178
star
27

netlify-dev-plugin

Local dev server with functions, rules engine and add-on support
JavaScript
176
star
28

framework-info

Framework detection utility
JavaScript
136
star
29

jekyll-srcset

Dead simple responsive images for jekyll
Ruby
136
star
30

gocommerce-js

A gocommerce client library
JavaScript
130
star
31

jekyll-gdrive

Access a Google Drive Spreadsheet from your Jekyll templates
Ruby
116
star
32

plugins

Netlify plugins directory.
JavaScript
95
star
33

prerender

Automatically rendering JS-driven pages for crawlers and social sharing
JavaScript
94
star
34

netlify-playground

89
star
35

netlify-plugin-gatsby

A build plugin to integrate Gatsby seamlessly with Netlify
TypeScript
88
star
36

code-examples

Code snippets for customers
HTML
87
star
37

labs

Documentation and samples for Netlify Labs features.
76
star
38

templates

This is board to showcase templates and boilerplates https://templates.netlify.com
Nunjucks
76
star
39

vue-cli-plugin-netlify-lambda

Netlify Lambda plugin for Vue CLI
JavaScript
76
star
40

remix-template

Deploy your Remix site to Netlify Edge Functions
JavaScript
73
star
41

netlify-cms-widget-starter

A boilerplate for creating Netlify CMS widgets.
JavaScript
73
star
42

classnames-template-literals

Small utility to format long classnames with template literals
JavaScript
70
star
43

gotiator

A tiny JWT based API gateway
Go
70
star
44

matterday.netlify.com

A site that asks us what we could do with more time.
CSS
70
star
45

react-server-components-demo

Minimal implementation on server components via Netlify functions
JavaScript
67
star
46

edge-functions-examples

Explore a library of reference examples for learning about Edge Functions on Netlify.
JavaScript
67
star
47

binrc

Binrc is a command line application to manage different versions of binaries stored on GitHub releases.
Makefile
52
star
48

next-on-netlify-demo

Demo of a Next.js app with Server-Side Rendering on Netlify
JavaScript
52
star
49

go-functions-example

Go
49
star
50

petsofnetlify

pets of netlifiers
Nunjucks
47
star
51

full-react-server-demo

JavaScript
45
star
52

rust-functions-example

Deploy Rust lambda functions on Netlify
Rust
45
star
53

culture-handbook

The philosophy and values of Netlify's diverse, globally distributed workforce
44
star
54

gojoin

Mini API wrapping Stripes Subscriptions for Single Page Aps and JAMstack sites
Go
41
star
55

netlify-git-api

Go
41
star
56

gatsby-parallel-runner

JavaScript
38
star
57

functions

JavaScript and TypeScript utilities for Netlify Functions.
TypeScript
38
star
58

elastinats

Go
36
star
59

netlify-photo-gallery

HTML
35
star
60

gocommerce-admin

Admin UI for Netlify Commerce
JavaScript
35
star
61

addons

Netlify add-on documentation
34
star
62

ask-netlify

A place to submit questions for Netlify to answer in tutorials, podcasts and blog posts
HTML
34
star
63

netlify-auth-demo

Demo for integrating GitHub OAuth with a Netlify site
HTML
33
star
64

explorers-up-and-running-with-serverless-functions

Free resource for learning how to use serverless functions!
HTML
31
star
65

hydrogen-netlify-starter

Get started with Hydrogen on Netlify
JavaScript
31
star
66

build-plugin-template

Template repository to create new Netlify Build plugins.
JavaScript
30
star
67

twickr

Twickr lets you send tweets of interest from Twitter to Slack
Go
30
star
68

remix-compute

Remix adapter and server runtime for Netlify
TypeScript
29
star
69

www-post-scheduler

This is a serverless function to auto publish blog posts
JavaScript
28
star
70

postcss-fout-with-a-class

Rewrite all selectors that will trigger a font load to be scoped under a class
JavaScript
28
star
71

micro-api-client

Small library for talking to micro REST APIs (not related to Netlify's main API)
JavaScript
28
star
72

next-edge-middleware

JavaScript
27
star
73

vue-lambda-starter

Starter Template for Vue + AWS Lambda with Netlify
Vue
27
star
74

netlify-browser-extension

netlify-chrome-extension
JavaScript
26
star
75

make-wp-epic

Migration tool for moving from WordPress to Victor Hugo
JavaScript
26
star
76

hydrogen-platform

Hydrogen support for Netlify Edge Functions
TypeScript
26
star
77

netlify-redirect-parser

Library for parsing Netlify redirects
JavaScript
23
star
78

next-react-server-components

JavaScript
22
star
79

netlify-auth-providers

JS library to use Netlify's OAuth providers
JavaScript
22
star
80

explorers-composition-api

Learn how the Composition API works in this Jamstack Explorers mission!
Vue
20
star
81

vite-plugin-netlify-edge

Netlify Edge Function support for Vite
TypeScript
19
star
82

angular-runtime

The Angular Runtime allows Angular to run on Netlify with zero configuration
JavaScript
18
star
83

mailme

MailMe sends mails with stylish templates
Go
18
star
84

eslint-config-node

ESLint, Prettier and Editorconfig shared by Netlify's Node.js projects
JavaScript
18
star
85

slate-markdown-serializer

JavaScript
17
star
86

delta-action

A GitHub Action for capturing benchmark data and tracking its variation against a baseline
JavaScript
17
star
87

netlify-credential-helper

Git credential helper to use Netlify's API as authentication backend
Go
16
star
88

netlify-cms-www

Former repo for netlifycms.org. Moved to the code repo at
CSS
15
star
89

go-client

Depreciated repo: home of the old go client. See netlify/open-api for the new home of the go client
Go
15
star
90

verify-okta

Small Lambda function for verifying and gating content with Okta
Go
14
star
91

netlify-oauth-example

JavaScript
14
star
92

fauna-one-click

Moved https://github.com/netlify/netlify-faunadb-example
JavaScript
13
star
93

screenshot

Take screenshots of websites
Shell
13
star
94

netlify-comments-starter

Start project for Netlify Comments
13
star
95

node-template

Netlify's Node.js repository template
Python
13
star
96

godoc-static

Generates static HTML of documentation of Go libraries
Go
12
star
97

streamer

tail files and send them to nats
Go
12
star
98

edge-bundler

Intelligently prepare Netlify Edge Functions for deployment
TypeScript
12
star
99

ruby-client

Netlify API client for Ruby
Ruby
11
star
100

gatsby-plugin-netlify

Gatsby plugin. Automatically generates a _headers file and a _redirects file at the root of the public folder to configure HTTP headers and redirects on Netlify.
TypeScript
11
star