Undocumented required configuration "API_EXTERNAL_URL"

[aurifi]

Bug report

• I confirm this is a bug with Supabase, not with my own application.
• I confirm I have searched the Docs, GitHub Discussions, and Discord.

Describe the bug

It seems like using GoTrue with the minimal configuration is not possible. While performing e.g. a request to login a user the following message is logged:
{"component":"api","level":"warning","method":"POST","msg":"parse \"\": empty url","path":"/token","referer":"$REFERRER","remote_addr":"$IP","request_url":"","time":"2023-07-21T09:31:17Z","timestamp":"2023-07-21T09:31:17Z"} and the request returns with a http 500.

The reason for this behaviour is that API_EXTERNAL_URL is not set but seems to be necessary (although it is allowed to be empty according to internal/conf/configuration.go )

Furthermore the readme does not refer to this parameter at all or mark this parameter as required.

To Reproduce

Steps to reproduce the behavior, please provide code snippets or a repository:

1. Clone the repository
2. Rename example.docker.env to .env.docker
3. Run docker-compose -f docker-compose-dev.yml up and wait for the application to start
4. Perform a request to POST http://localhost:9999/token?grant_type=password with any email and password as payload
5. See error

Expected behavior

• There is no error, as API_EXTERNAL_URL is a required configuration (thus also it would need to be checked why this might be empty in tests...)
• API_EXTERNAL_URL is referenced in the documentation
• API_EXTERNAL_URL is part of all example configurations

System information

• OS: Windows WSL2 (Ubuntu 22.04.2)
• Version of gotrue: 2.84.0

[aurifi]

On a similar note there are more things which I noticed while setting Gotrue up.

• Additionally to the parameters which are described in the readme as required for E-Mail signup at least the parameter GOTRUE_URLPATHS_CONFIRMATION needs to be set. (Most likely also *_INVITE , *_RECOVERY and *_EMAIL_CHANGE)
• The parameters mentioned in the point above currently default to "/" which does not lead to a working setup. For Gotrue as standalone application the default seems to be "/verify" which does not seem to be mentioned anywhere.
• The parameters under the mailer configuration do not use the GOTRUE_* prefix in the readme. I didn't check whether this prefix is required here, but at least in the example files the prefix is set. IMO the consistency could be improved here to avoid errors in the future.

I guess these points depend on whether Gotrue is planned to be used as standalone application without the full supabase stack. If that's the case give me a sign and I might attempt to improve the points mentioned in this issue :)

[kangmingtay]

Hey @szczepad, thanks for pointing out these issues! wrt to your question:

Gotrue is planned to be used as standalone application without the full supabase stack

Yes! gotrue can be used as a standalone application and you can self-host it without supabase. We'd welcome any help with improving the docs around this.

[aurifi]

Hey @kangmingtay !
Thanks for the clarification. I've created a PR for the mentioned topics. Feel free to comment. :)

However I didn't add the GOTRUE_ prefix to the values in the documentation as those do not seem to be set explicitely as envvars in configuration.go and I'm not sure whether this prefix might break settings in this scenario as there seems to be some implicit stuff going on in the envconfig lib. (See kelseyhightower/envconfig#148 )