From e0ee868c64cab5c74d04560046feebf087b9f1fb Mon Sep 17 00:00:00 2001
From: drpsyko101 <drpsyko101@gmail.com>
Date: Sat, 13 Apr 2024 21:50:30 +0800
Subject: [PATCH] Fix JWT expiry value not being parsed

---
 charts/supabase/templates/rest/deployment.yaml | 6 +++---
 charts/supabase/templates/secrets/db.yaml      | 2 +-
 charts/supabase/templates/test/secretrefs.yaml | 1 -
 charts/supabase/values.yaml                    | 4 ++--
 4 files changed, 6 insertions(+), 7 deletions(-)

diff --git a/charts/supabase/templates/rest/deployment.yaml b/charts/supabase/templates/rest/deployment.yaml
index 8fc7fd6..e877fa6 100644
--- a/charts/supabase/templates/rest/deployment.yaml
+++ b/charts/supabase/templates/rest/deployment.yaml
@@ -85,15 +85,15 @@ spec:
                   name: {{ include "supabase.secret.jwt" . }}
                   key: secret
                   {{- end }}
-            - name: JWT_EXPIRY
+            - name: PGRST_APP_SETTINGS_JWT_SECRET
               valueFrom:
                 secretKeyRef:
                   {{- if .Values.secret.jwt.secretRef }}
                   name: {{ .Values.secret.jwt.secretRef }}
-                  key: {{ .Values.secret.jwt.secretRefKey.expiry | default "expiry" }}
+                  key: {{ .Values.secret.jwt.secretRefKey.secret | default "secret" }}
                   {{- else }}
                   name: {{ include "supabase.secret.jwt" . }}
-                  key: expiry
+                  key: secret
                   {{- end }}
           {{- with .Values.rest.livenessProbe }}
           livenessProbe:
diff --git a/charts/supabase/templates/secrets/db.yaml b/charts/supabase/templates/secrets/db.yaml
index 5128699..8cd9791 100644
--- a/charts/supabase/templates/secrets/db.yaml
+++ b/charts/supabase/templates/secrets/db.yaml
@@ -9,7 +9,7 @@ type: Opaque
 data:
 {{- range $key, $value := .Values.secret.db }}
 {{- if $value }}
-{{- if eq (typeOf $value) "string" }}
+{{- if or (eq (typeOf $value) "string") (eq (typeOf $value) "numeric") }}
   {{ $key }}: {{ $value | b64enc }}
 {{- end }}
 {{- end }}
diff --git a/charts/supabase/templates/test/secretrefs.yaml b/charts/supabase/templates/test/secretrefs.yaml
index 50a0558..51245ac 100644
--- a/charts/supabase/templates/test/secretrefs.yaml
+++ b/charts/supabase/templates/test/secretrefs.yaml
@@ -14,7 +14,6 @@ data:
   anonKey: ZXlKaGJHY2lPaUpJVXpJMU5pSXNJblI1Y0NJNklrcFhWQ0o5LmV5QWdDaUFnSUNBaWNtOXNaU0k2SUNKaGJtOXVJaXdLSUNBZ0lDSnBjM01pT2lBaWMzVndZV0poYzJVdFpHVnRieUlzQ2lBZ0lDQWlhV0YwSWpvZ01UWTBNVGMyT1RJd01Dd0tJQ0FnSUNKbGVIQWlPaUF4TnprNU5UTTFOakF3Q24wLmRjX1g1aVJfVlBfcVQwenNpeWpfSV9PWjJUOUZ0UlUyQkJOV044QnU0R0U=
   serviceKey: ZXlKaGJHY2lPaUpJVXpJMU5pSXNJblI1Y0NJNklrcFhWQ0o5LmV5QWdDaUFnSUNBaWNtOXNaU0k2SUNKelpYSjJhV05sWDNKdmJHVWlMQW9nSUNBZ0ltbHpjeUk2SUNKemRYQmhZbUZ6WlMxa1pXMXZJaXdLSUNBZ0lDSnBZWFFpT2lBeE5qUXhOelk1TWpBd0xBb2dJQ0FnSW1WNGNDSTZJREUzT1RrMU16VTJNREFLZlEuRGFZbE5Fb1VyckVuMklnN3RxaWJTLVBISzV2Z3VzYmNibzdYMzZYVnQ0UQ==
   secret: eW91ci1zdXBlci1zZWNyZXQtand0LXRva2VuLXdpdGgtYXQtbGVhc3QtMzItY2hhcmFjdGVycy1sb25n
-  expiry: MzYwMA==
 {{- end }}
 {{- if .Values.secret.smtp.secretRef }}
 ---
diff --git a/charts/supabase/values.yaml b/charts/supabase/values.yaml
index 9f8e379..62dbe13 100644
--- a/charts/supabase/values.yaml
+++ b/charts/supabase/values.yaml
@@ -21,7 +21,6 @@ secret:
     anonKey: ""
     serviceKey: ""
     secret: ""
-    expiry: 3600
     # specify existing secret, which takes precedence over variables above
     secretRef: ""
     # override secret keys for existing secret refs
@@ -29,7 +28,6 @@ secret:
       anonKey: anonKey
       serviceKey: serviceKey
       secret: secret
-      expiry: expiry
   # database credentials
   # these fields must be provided even if using external database
   db:
@@ -125,6 +123,7 @@ db:
     POSTGRES_HOST: /var/run/postgresql
     PGPORT: "5432"
     POSTGRES_PORT: "5432"
+    JWT_EXP: 3600
     # POSTGRES_HOST_AUTH_METHOD: md5
     # Enable SSL for postgres by specifying paths for mounted certificate key pair
     # POSTGRES_SSL_CERT: /path/to/ssl/server.crt
@@ -388,6 +387,7 @@ rest:
     PGRST_DB_SCHEMAS: public,storage,graphql_public
     PGRST_DB_ANON_ROLE: anon
     PGRST_DB_USE_LEGACY_GUCS: false
+    PGRST_APP_SETTINGS_JWT_EXP: 3600
   # volumeMounts:
   #   - name: volume_name
   #     mountPath: /path/to/my/secret
-- 
GitLab