fix(config): block env overrides for internal fields

Author: 20000419

pkg/config/config.go

@@ -4,6 +4,7 @@ import (
 	"bytes"
 	"context"
 	_ "embed"
+	"encoding"
 	"encoding/base64"
 	"encoding/json"
 	"fmt"
@@ -16,13 +17,15 @@ import (
 	"os"
 	"path"
 	"path/filepath"
+	"reflect"
 	"regexp"
 	"slices"
 	"sort"
 	"strconv"
 	"strings"
 	"text/template"
 	"time"
+	"unicode"
 
 	"github.com/BurntSushi/toml"
 	"github.com/docker/go-units"
@@ -458,17 +461,16 @@ func (c *config) Eject(w io.Writer) error {
 
 // Loads custom config file to struct fields tagged with toml.
 func (c *config) loadFromFile(filename string, fsys fs.FS) error {
-	v := viper.NewWithOptions(
-		viper.ExperimentalBindStruct(),
-		viper.EnvKeyReplacer(strings.NewReplacer(".", "_")),
-	)
+	v := viper.New()
 	v.SetEnvPrefix("SUPABASE")
-	v.AutomaticEnv()
 	if err := c.mergeDefaultValues(v); err != nil {
 		return err
 	} else if err := mergeFileConfig(v, filename, fsys); err != nil {
 		return err
 	}
+	if err := bindUserConfigEnv(v, reflect.TypeOf(*c), ""); err != nil {
+		return err
+	}
 	// Find [remotes.*] block to override base config
 	idToName := map[string]string{}
 	for name, remote := range v.GetStringMap("remotes") {
@@ -488,6 +490,62 @@ func (c *config) loadFromFile(filename string, fsys fs.FS) error {
 	return c.load(v)
 }
 
+func bindUserConfigEnv(v *viper.Viper, t reflect.Type, prefix string) error {
+	textUnmarshaler := reflect.TypeOf((*encoding.TextUnmarshaler)(nil)).Elem()
+	for i := 0; i < t.NumField(); i++ {
+		field := t.Field(i)
+		if field.PkgPath != "" {
+			continue
+		}
+		if field.Anonymous {
+			if err := bindUserConfigEnv(v, field.Type, prefix); err != nil {
+				return err
+			}
+			continue
+		}
+		if tag := strings.Split(field.Tag.Get("toml"), ",")[0]; tag == "-" {
+			continue
+		}
+		key := strings.Split(field.Tag.Get("json"), ",")[0]
+		if key == "-" {
+			continue
+		} else if key == "" {
+			key = toSnakeCase(field.Name)
+		}
+		if len(prefix) > 0 {
+			key = prefix + "." + key
+		}
+		fieldType := field.Type
+		if fieldType.Kind() == reflect.Ptr {
+			fieldType = fieldType.Elem()
+		}
+		if fieldType.Kind() == reflect.Struct && !fieldType.Implements(textUnmarshaler) && !reflect.PointerTo(fieldType).Implements(textUnmarshaler) {
+			if err := bindUserConfigEnv(v, fieldType, key); err != nil {
+				return err
+			}
+			continue
+		}
+		if err := v.BindEnv(key); err != nil {
+			return errors.Errorf("failed to bind env override for %s: %w", key, err)
+		}
+	}
+	return nil
+}
+
+func toSnakeCase(s string) string {
+	var b strings.Builder
+	for i, r := range s {
+		if unicode.IsUpper(r) {
+			if i > 0 {
+				b.WriteByte('_')
+			}
+			r = unicode.ToLower(r)
+		}
+		b.WriteRune(r)
+	}
+	return b.String()
+}
+
 func (c *config) mergeDefaultValues(v *viper.Viper) error {
 	v.SetConfigType("toml")
 	var buf bytes.Buffer

pkg/config/config_test.go

@@ -154,6 +154,21 @@ func TestRemoteOverride(t *testing.T) {
 	})
 }
 
+func TestEnvOverridesSkipInternalFields(t *testing.T) {
+	config := NewConfig()
+	fsys := fs.MapFS{
+		"supabase/config.toml":           &fs.MapFile{Data: testInitConfigEmbed},
+		"supabase/templates/invite.html": &fs.MapFile{},
+	}
+	t.Setenv("SUPABASE_HOSTNAME", "evil.example.com")
+	t.Setenv("SUPABASE_AUTH_SITE_URL", "http://preview.com")
+	t.Setenv("AUTH_SEND_SMS_SECRETS", "v1,whsec_aWxpa2VzdXBhYmFzZXZlcnltdWNoYW5kaWhvcGV5b3Vkb3Rvbw==")
+
+	require.NoError(t, config.Load("", fsys))
+	assert.Equal(t, "127.0.0.1", config.Hostname)
+	assert.Equal(t, "http://preview.com", config.Auth.SiteUrl)
+}
+
 func TestFileSizeLimitConfigParsing(t *testing.T) {
 	t.Run("test file size limit parsing number", func(t *testing.T) {
 		var testConfig config