hub / github.com/supabase/auth / requireAdminCredentials

Method requireAdminCredentials

internal/api/middleware.go:187–224  ·  view source on GitHub ↗
(w http.ResponseWriter, req *http.Request)

Source from the content-addressed store, hash-verified

185}
186
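// requireAdminCredentials authenticates the request's bearer token and then
// defers to requireAdmin for the final decision.
//
// Steps, in order:
//  1. extractBearerToken pulls the token from the request.
//  2. parseJWTClaims turns the token into a context from which getClaims
//     reads the claims.
//  3. If the claims carry a session ID that is neither empty nor the nil
//     UUID, the user and session are loaded and the session is checked
//     against the configured timebox, inactivity timeout and AAL policy.
//  4. requireAdmin receives the resulting context.
//
// It returns whatever requireAdmin returns, or a nil context and a non-nil
// error as soon as any earlier step fails. w is not used in this method.
func (a *API) requireAdminCredentials(w http.ResponseWriter, req *http.Request) (context.Context, error) {
	t, err := a.extractBearerToken(req)
	if err != nil {
		return nil, err
	}
	if t == "" {
		// Fail closed: an empty token with a nil error used to return
		// (nil, nil), which reads as success to any caller that only tests
		// err == nil. NOTE(review): confirm how verifyCaptcha and the
		// middleware wrapper treat a nil context with a nil error.
		return nil, apierrors.NewHTTPError(http.StatusUnauthorized, apierrors.ErrorCodeNoAuthorization, "This endpoint requires a Bearer token")
	}

	ctx, err := a.parseJWTClaims(t, req)
	if err != nil {
		return nil, err
	}

	// If the token references a real user session, confirm the session
	// still exists and is valid in the DB — a JWT remains usable past
	// logout or revocation otherwise. Sessionless admin tokens (e.g.
	// service_role) skip this check.
	claims := getClaims(ctx)
	if claims != nil && claims.SessionId != "" && claims.SessionId != uuid.Nil.String() {
		ctx, err = a.maybeLoadUserOrSession(ctx)
		if err != nil {
			return nil, err
		}

		// NOTE(review): when either the session or the user is absent from
		// the context, the validity check below is skipped and the decision
		// rests on requireAdmin alone. Confirm that maybeLoadUserOrSession
		// returns an error for a session ID that no longer exists.
		session := getSession(ctx)
		user := getUser(ctx)
		if session != nil && user != nil {
			validity := session.CheckValidity(models.SessionValidityConfig{
				Timebox:           a.config.Sessions.Timebox,
				InactivityTimeout: a.config.Sessions.InactivityTimeout,
				AllowLowAAL:       a.config.Sessions.AllowLowAAL,
			}, time.Now(), nil, user.HighestPossibleAAL())
			if validity != models.SessionValid {
				return nil, apierrors.NewForbiddenError(apierrors.ErrorCodeSessionExpired, "Session is no longer valid")
			}
		}
	}

	return a.requireAdmin(ctx)
}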
225
226func (a *API) requireEmailProvider(w http.ResponseWriter, req *http.Request) (context.Context, error) {
227 ctx := req.Context()

Callers 2

verifyCaptchaMethod · 0.95

Calls 12

extractBearerTokenMethod · 0.95
parseJWTClaimsMethod · 0.95
requireAdminMethod · 0.95
NewForbiddenErrorFunction · 0.92
getClaimsFunction · 0.85
getSessionFunction · 0.85
getUserFunction · 0.85
CheckValidityMethod · 0.80
NowMethod · 0.80
HighestPossibleAALMethod · 0.80
StringMethod · 0.45