supabase
diff --git a/‎cmd/root.go
Lines changed: 6 additions & 2 deletions b/‎cmd/root.go
Lines changed: 6 additions & 2 deletions
diff --git a/‎go.mod
Lines changed: 6 additions & 1 deletion b/‎go.mod
Lines changed: 6 additions & 1 deletion
diff --git a/‎go.sum
Lines changed: 12 additions & 0 deletions b/‎go.sum
Lines changed: 12 additions & 0 deletions
diff --git a/‎internal/bootstrap/bootstrap_test.go
Lines changed: 3 additions & 0 deletions b/‎internal/bootstrap/bootstrap_test.go
Lines changed: 3 additions & 0 deletions
diff --git a/‎internal/functions/list/list_test.go
Lines changed: 14 additions & 12 deletions b/‎internal/functions/list/list_test.go
Lines changed: 14 additions & 12 deletions
diff --git a/‎internal/hostnames/activate/activate.go
Lines changed: 1 addition & 1 deletion b/‎internal/hostnames/activate/activate.go
Lines changed: 1 addition & 1 deletion
diff --git a/‎internal/hostnames/common_test.go
Lines changed: 3 additions & 1 deletion b/‎internal/hostnames/common_test.go
Lines changed: 3 additions & 1 deletion
diff --git a/‎internal/login/login_test.go
Lines changed: 2 additions & 2 deletions b/‎internal/login/login_test.go
Lines changed: 2 additions & 2 deletions
diff --git a/‎internal/logout/logout_test.go
Lines changed: 4 additions & 4 deletions b/‎internal/logout/logout_test.go
Lines changed: 4 additions & 4 deletions
diff --git a/‎internal/utils/access_token.go
Lines changed: 27 additions & 14 deletions b/‎internal/utils/access_token.go
Lines changed: 27 additions & 14 deletions
@@ -92,13 +92,16 @@ var (
 				return errors.New("must set the --experimental flag to run this command")
 			}
 			cmd.SilenceUsage = true
-			// Change workdir
+			// Load profile before changing workdir
+			ctx := cmd.Context()
 			fsys := afero.NewOsFs()
+			if err := utils.LoadProfile(ctx, fsys); err != nil {
+				return err
+			}
 			if err := utils.ChangeWorkDir(fsys); err != nil {
 				return err
 			}
 			// Add common flags
-			ctx := cmd.Context()
 			if IsManagementAPI(cmd) {
 				if err := promptLogin(fsys); err != nil {
 					return err
@@ -236,6 +239,7 @@ func init() {
 	flags.String("workdir", "", "path to a Supabase project directory")
 	flags.Bool("experimental", false, "enable experimental features")
 	flags.String("network-id", "", "use the specified docker network instead of a generated one")
+	flags.String("profile", "supabase", "use a specific profile for connecting to Supabase API")
 	flags.VarP(&utils.OutputFormat, "output", "o", "output format of status variables")
 	flags.Var(&utils.DNSResolver, "dns-resolver", "lookup domain names using the specified resolver")
 	flags.BoolVar(&createTicket, "create-ticket", false, "create a support ticket for any CLI error")
 
@@ -20,6 +20,8 @@ require (
 	github.com/getsentry/sentry-go v0.35.1
 	github.com/go-errors/errors v1.5.1
 	github.com/go-git/go-git/v5 v5.16.2
+	github.com/go-playground/validator/v10 v10.27.0
+	github.com/go-viper/mapstructure/v2 v2.4.0
 	github.com/go-xmlfmt/xmlfmt v1.1.3
 	github.com/google/go-github/v62 v62.0.0
 	github.com/google/go-querystring v1.1.0
@@ -131,6 +133,7 @@ require (
 	github.com/firefart/nonamedreturns v1.0.6 // indirect
 	github.com/fvbommel/sortorder v1.1.0 // indirect
 	github.com/fzipp/gocyclo v0.6.0 // indirect
+	github.com/gabriel-vasile/mimetype v1.4.8 // indirect
 	github.com/getkin/kin-openapi v0.131.0 // indirect
 	github.com/ghostiam/protogetter v0.3.15 // indirect
 	github.com/go-critic/go-critic v0.13.0 // indirect
@@ -140,14 +143,15 @@ require (
 	github.com/go-logr/stdr v1.2.2 // indirect
 	github.com/go-openapi/jsonpointer v0.21.0 // indirect
 	github.com/go-openapi/swag v0.23.1 // indirect
+	github.com/go-playground/locales v0.14.1 // indirect
+	github.com/go-playground/universal-translator v0.18.1 // indirect
 	github.com/go-toolsmith/astcast v1.1.0 // indirect
 	github.com/go-toolsmith/astcopy v1.1.0 // indirect
 	github.com/go-toolsmith/astequal v1.2.0 // indirect
 	github.com/go-toolsmith/astfmt v1.1.0 // indirect
 	github.com/go-toolsmith/astp v1.1.0 // indirect
 	github.com/go-toolsmith/strparse v1.1.0 // indirect
 	github.com/go-toolsmith/typep v1.1.0 // indirect
-	github.com/go-viper/mapstructure/v2 v2.4.0 // indirect
 	github.com/gobwas/glob v0.2.3 // indirect
 	github.com/godbus/dbus/v5 v5.1.0 // indirect
 	github.com/gofrs/flock v0.12.1 // indirect
@@ -206,6 +210,7 @@ require (
 	github.com/ldez/grignotin v0.9.0 // indirect
 	github.com/ldez/tagliatelle v0.7.1 // indirect
 	github.com/ldez/usetesting v0.4.3 // indirect
+	github.com/leodido/go-urn v1.4.0 // indirect
 	github.com/leonklingele/grouper v1.1.2 // indirect
 	github.com/lib/pq v1.10.9 // indirect
 	github.com/lucasb-eyer/go-colorful v1.2.0 // indirect
 
@@ -296,6 +296,8 @@ github.com/fvbommel/sortorder v1.1.0 h1:fUmoe+HLsBTctBDoaBwpQo5N+nrCp8g/BjKb/6ZQ
 github.com/fvbommel/sortorder v1.1.0/go.mod h1:uk88iVf1ovNn1iLfgUVU2F9o5eO30ui720w+kxuqRs0=
 github.com/fzipp/gocyclo v0.6.0 h1:lsblElZG7d3ALtGMx9fmxeTKZaLLpU8mET09yN4BBLo=
 github.com/fzipp/gocyclo v0.6.0/go.mod h1:rXPyn8fnlpa0R2csP/31uerbiVBugk5whMdlyaLkLoA=
+github.com/gabriel-vasile/mimetype v1.4.8 h1:FfZ3gj38NjllZIeJAmMhr+qKL8Wu+nOoI3GqacKw1NM=
+github.com/gabriel-vasile/mimetype v1.4.8/go.mod h1:ByKUIKGjh1ODkGM1asKUbQZOLGrPjydw3hYPU2YU9t8=
 github.com/getkin/kin-openapi v0.131.0 h1:NO2UeHnFKRYhZ8wg6Nyh5Cq7dHk4suQQr72a4pMrDxE=
 github.com/getkin/kin-openapi v0.131.0/go.mod h1:3OlG51PCYNsPByuiMB0t4fjnNlIDnaEDsjiKUV8nL58=
 github.com/getsentry/sentry-go v0.35.1 h1:iopow6UVLE2aXu46xKVIs8Z9D/YZkJrHkgozrxa+tOQ=
@@ -334,6 +336,14 @@ github.com/go-openapi/jsonpointer v0.21.0 h1:YgdVicSA9vH5RiHs9TZW5oyafXZFc6+2Vc1
 github.com/go-openapi/jsonpointer v0.21.0/go.mod h1:IUyH9l/+uyhIYQ/PXVA41Rexl+kOkAPDdXEYns6fzUY=
 github.com/go-openapi/swag v0.23.1 h1:lpsStH0n2ittzTnbaSloVZLuB5+fvSY/+hnagBjSNZU=
 github.com/go-openapi/swag v0.23.1/go.mod h1:STZs8TbRvEQQKUA+JZNAm3EWlgaOBGpyFDqQnDHMef0=
+github.com/go-playground/assert/v2 v2.2.0 h1:JvknZsQTYeFEAhQwI4qEt9cyV5ONwRHC+lYKSsYSR8s=
+github.com/go-playground/assert/v2 v2.2.0/go.mod h1:VDjEfimB/XKnb+ZQfWdccd7VUvScMdVu0Titje2rxJ4=
+github.com/go-playground/locales v0.14.1 h1:EWaQ/wswjilfKLTECiXz7Rh+3BjFhfDFKv/oXslEjJA=
+github.com/go-playground/locales v0.14.1/go.mod h1:hxrqLVvrK65+Rwrd5Fc6F2O76J/NuW9t0sjnWqG1slY=
+github.com/go-playground/universal-translator v0.18.1 h1:Bcnm0ZwsGyWbCzImXv+pAJnYK9S473LQFuzCbDbfSFY=
+github.com/go-playground/universal-translator v0.18.1/go.mod h1:xekY+UJKNuX9WP91TpwSH2VMlDf28Uj24BCp08ZFTUY=
+github.com/go-playground/validator/v10 v10.27.0 h1:w8+XrWVMhGkxOaaowyKH35gFydVHOvC0/uWoy2Fzwn4=
+github.com/go-playground/validator/v10 v10.27.0/go.mod h1:I5QpIEbmr8On7W0TktmJAumgzX4CA1XNl4ZmDuVHKKo=
 github.com/go-quicktest/qt v1.101.0 h1:O1K29Txy5P2OK0dGo59b7b0LR6wKfIhttaAhHUyn7eI=
 github.com/go-quicktest/qt v1.101.0/go.mod h1:14Bz/f7NwaXPtdYEgzsx46kqSxVwTbzVZsDC26tQJow=
 github.com/go-sql-driver/mysql v1.3.0/go.mod h1:zAC/RDZ24gD3HViQzih4MyKcchzm+sOG5ZlKdlhCg5w=
@@ -641,6 +651,8 @@ github.com/ldez/tagliatelle v0.7.1 h1:bTgKjjc2sQcsgPiT902+aadvMjCeMHrY7ly2XKFORI
 github.com/ldez/tagliatelle v0.7.1/go.mod h1:3zjxUpsNB2aEZScWiZTHrAXOl1x25t3cRmzfK1mlo2I=
 github.com/ldez/usetesting v0.4.3 h1:pJpN0x3fMupdTf/IapYjnkhiY1nSTN+pox1/GyBRw3k=
 github.com/ldez/usetesting v0.4.3/go.mod h1:eEs46T3PpQ+9RgN9VjpY6qWdiw2/QmfiDeWmdZdrjIQ=
+github.com/leodido/go-urn v1.4.0 h1:WT9HwE9SGECu3lg4d/dIA+jxlljEa1/ffXKmRjqdmIQ=
+github.com/leodido/go-urn v1.4.0/go.mod h1:bvxc+MVxLKB4z00jd1z+Dvzr47oO32F/QSNjSBOlFxI=
 github.com/leonklingele/grouper v1.1.2 h1:o1ARBDLOmmasUaNDesWqWCIFH3u7hoFlM84YrjT3mIY=
 github.com/leonklingele/grouper v1.1.2/go.mod h1:6D0M/HVkhs2yRKRFZUoGjeDy7EZTfFBE9gl4kjmIGkA=
 github.com/lib/pq v0.0.0-20150723085316-0dad96c0b94f/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo=
 
@@ -11,6 +11,7 @@ import (
 	"github.com/spf13/afero"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
+	"github.com/supabase/cli/internal/utils"
 	"github.com/supabase/cli/internal/utils/flags"
 	"github.com/supabase/cli/pkg/api"
 )
@@ -64,6 +65,7 @@ func TestWriteEnv(t *testing.T) {
 
 	t.Run("writes .env", func(t *testing.T) {
 		flags.ProjectRef = "testing"
+		utils.CurrentProfile.ProjectHost = "supabase.co"
 		// Setup in-memory fs
 		fsys := afero.NewMemMapFs()
 		// Run test
@@ -80,6 +82,7 @@ SUPABASE_URL="https://testing.supabase.co"`, string(env))
 
 	t.Run("merges with .env.example", func(t *testing.T) {
 		flags.ProjectRef = "testing"
+		utils.CurrentProfile.ProjectHost = "supabase.co"
 		// Setup in-memory fs
 		fsys := afero.NewMemMapFs()
 		example, err := godotenv.Marshal(map[string]string{
 
@@ -3,6 +3,7 @@ package list
 import (
 	"context"
 	"errors"
+	"net/http"
 	"testing"
 
 	"github.com/h2non/gock"
@@ -14,14 +15,15 @@ import (
 )
 
 func TestFunctionsListCommand(t *testing.T) {
+	// Setup valid project ref
+	project := apitest.RandomProjectRef()
+	// Setup valid access token
+	token := apitest.RandomAccessToken(t)
+	t.Setenv("SUPABASE_ACCESS_TOKEN", string(token))
+
 	t.Run("lists all functions", func(t *testing.T) {
 		// Setup in-memory fs
 		fsys := afero.NewMemMapFs()
-		// Setup valid project ref
-		project := apitest.RandomProjectRef()
-		// Setup valid access token
-		token := apitest.RandomAccessToken(t)
-		t.Setenv("SUPABASE_ACCESS_TOKEN", string(token))
 		// Flush pending mocks after test execution
 		defer gock.OffAll()
 
@@ -53,23 +55,23 @@ func TestFunctionsListCommand(t *testing.T) {
 		assert.Empty(t, apitest.ListUnmatchedRequests())
 	})
 
-	t.Run("throws error on missing access token", func(t *testing.T) {
+	t.Run("throws error on service unavailable", func(t *testing.T) {
 		// Setup in-memory fs
 		fsys := afero.NewMemMapFs()
+		// Flush pending mocks after test execution
+		defer gock.OffAll()
+		gock.New(utils.DefaultApiHost).
+			Get("/v1/projects/" + project + "/functions").
+			Reply(http.StatusServiceUnavailable)
 		// Run test
-		err := Run(context.Background(), "", fsys)
+		err := Run(context.Background(), project, fsys)
 		// Check error
 		assert.ErrorContains(t, err, "Unexpected error retrieving functions")
 	})
 
 	t.Run("throws error on network error", func(t *testing.T) {
 		// Setup in-memory fs
 		fsys := afero.NewMemMapFs()
-		// Setup valid project ref
-		project := apitest.RandomProjectRef()
-		// Setup valid access token
-		token := apitest.RandomAccessToken(t)
-		t.Setenv("SUPABASE_ACCESS_TOKEN", string(token))
 		// Flush pending mocks after test execution
 		defer gock.OffAll()
 		gock.New(utils.DefaultApiHost).
 
@@ -27,7 +27,7 @@ func Run(ctx context.Context, projectRef string, includeRawOutput bool, fsys afe
 	{
 		resp, err := utils.GetSupabase().V1ActivateCustomHostnameWithResponse(ctx, projectRef)
 		if err != nil {
-			return errors.Errorf("failed to active custom hostname: %w", err)
+			return errors.Errorf("failed to activate custom hostname: %w", err)
 		}
 		if resp.JSON201 == nil {
 			return errors.New("failed to activate custom hostname config: " + string(resp.Body))
 
@@ -7,9 +7,11 @@ import (
 
 	"github.com/h2non/gock"
 	"github.com/stretchr/testify/assert"
+	"github.com/supabase/cli/internal/utils"
 )
 
 func TestVerifyCNAME(t *testing.T) {
+	utils.CurrentProfile.ProjectHost = "supabase.co"
 	defer gock.OffAll()
 	gock.New("https://1.1.1.1").
 		Get("/dns-query").
@@ -40,5 +42,5 @@ func TestVerifyCNAMEFailures(t *testing.T) {
 			},
 		}})
 	err := VerifyCNAME(context.Background(), "foobarbaz", "hello.custom-domain.com")
-	assert.ErrorContains(t, err, "expected custom hostname 'hello.custom-domain.com' to have a CNAME record pointing to your project at 'foobarbaz.supabase.co.', but it failed to resolve: failed to locate appropriate CNAME record for hello.custom-domain.com")
+	assert.ErrorContains(t, err, "failed to locate appropriate CNAME record for hello.custom-domain.com")
 }
@@ -40,7 +40,7 @@ func TestLoginCommand(t *testing.T) {
 			Token: token,
 			Fsys:  afero.NewMemMapFs(),
 		}))
-		saved, err := credentials.StoreProvider.Get(utils.AccessTokenKey)
+		saved, err := credentials.StoreProvider.Get(utils.CurrentProfile.Name)
 		assert.NoError(t, err)
 		assert.Equal(t, token, saved)
 	})
@@ -83,7 +83,7 @@ func TestLoginCommand(t *testing.T) {
 		expectedBrowserUrl := fmt.Sprintf("%s/cli/login?session_id=%s&token_name=%s&public_key=%s", utils.GetSupabaseDashboardURL(), sessionId, tokenName, publicKey)
 		assert.Contains(t, out.String(), expectedBrowserUrl)
 
-		saved, err := credentials.StoreProvider.Get(utils.AccessTokenKey)
+		saved, err := credentials.StoreProvider.Get(utils.CurrentProfile.Name)
 		assert.NoError(t, err)
 		assert.Equal(t, token, saved)
 		assert.Empty(t, apitest.ListUnmatchedRequests())
 
@@ -35,7 +35,7 @@ func TestLogoutCommand(t *testing.T) {
 
 	t.Run("removes all Supabase CLI credentials", func(t *testing.T) {
 		keyring.MockInit()
-		require.NoError(t, credentials.StoreProvider.Set(utils.AccessTokenKey, token))
+		require.NoError(t, credentials.StoreProvider.Set(utils.CurrentProfile.Name, token))
 		require.NoError(t, credentials.StoreProvider.Set("project1", "password1"))
 		require.NoError(t, credentials.StoreProvider.Set("project2", "password2"))
 		t.Cleanup(fstest.MockStdin(t, "y"))
@@ -44,7 +44,7 @@ func TestLogoutCommand(t *testing.T) {
 		// Check error
 		assert.NoError(t, err)
 		// Check that access token has been removed
-		saved, _ := credentials.StoreProvider.Get(utils.AccessTokenKey)
+		saved, _ := credentials.StoreProvider.Get(utils.CurrentProfile.Name)
 		assert.Empty(t, saved)
 		// check that project 1 has been removed
 		saved, _ = credentials.StoreProvider.Get("project1")
@@ -56,14 +56,14 @@ func TestLogoutCommand(t *testing.T) {
 
 	t.Run("skips logout by default", func(t *testing.T) {
 		keyring.MockInit()
-		require.NoError(t, credentials.StoreProvider.Set(utils.AccessTokenKey, token))
+		require.NoError(t, credentials.StoreProvider.Set(utils.CurrentProfile.Name, token))
 		// Setup in-memory fs
 		fsys := afero.NewMemMapFs()
 		// Run test
 		err := Run(context.Background(), os.Stdout, fsys)
 		// Check error
 		assert.ErrorIs(t, err, context.Canceled)
-		saved, err := credentials.StoreProvider.Get(utils.AccessTokenKey)
+		saved, err := credentials.StoreProvider.Get(utils.CurrentProfile.Name)
 		assert.NoError(t, err)
 		assert.Equal(t, token, saved)
 	})
 
@@ -1,6 +1,7 @@
 package utils
 
 import (
+	"fmt"
 	"os"
 	"path/filepath"
 	"regexp"
@@ -32,12 +33,20 @@ func LoadAccessTokenFS(fsys afero.Fs) (string, error) {
 }
 
 func loadAccessToken(fsys afero.Fs) (string, error) {
+	logger := GetDebugLogger()
 	// Env takes precedence
 	if accessToken := os.Getenv("SUPABASE_ACCESS_TOKEN"); accessToken != "" {
+		fmt.Fprintln(logger, "Using access token from env var...")
 		return accessToken, nil
 	}
-	// Load from native credentials store
+	// Load from current profile
+	if accessToken, err := credentials.StoreProvider.Get(CurrentProfile.Name); err == nil {
+		fmt.Fprintln(logger, "Using access token for profile:", CurrentProfile.Name)
+		return accessToken, nil
+	}
+	// Load from legacy key for backwards compatibility
 	if accessToken, err := credentials.StoreProvider.Get(AccessTokenKey); err == nil {
+		fmt.Fprintln(logger, "Using access token from credentials store...")
 		return accessToken, nil
 	}
 	// Fallback to token file
@@ -55,6 +64,7 @@ func fallbackLoadToken(fsys afero.Fs) (string, error) {
 	} else if err != nil {
 		return "", errors.Errorf("failed to read access token file: %w", err)
 	}
+	fmt.Fprintln(GetDebugLogger(), "Using access token from file:", path)
 	return string(accessToken), nil
 }
 
@@ -63,8 +73,10 @@ func SaveAccessToken(accessToken string, fsys afero.Fs) error {
 	if !AccessTokenPattern.MatchString(accessToken) {
 		return errors.New(ErrInvalidToken)
 	}
-	// Save to native credentials store
-	if err := credentials.StoreProvider.Set(AccessTokenKey, accessToken); err == nil {
+	// Save to current profile
+	if err := credentials.StoreProvider.Set(CurrentProfile.Name, accessToken); err != nil {
+		fmt.Fprintln(GetDebugLogger(), err)
+	} else {
 		return nil
 	}
 	// Fallback to token file
@@ -87,19 +99,20 @@ func fallbackSaveToken(accessToken string, fsys afero.Fs) error {
 
 func DeleteAccessToken(fsys afero.Fs) error {
 	// Always delete the fallback token file to handle legacy CLI
-	if err := fallbackDeleteToken(fsys); err == nil {
-		// Typically user system should only have either token file or keyring.
-		// But we delete from both just in case.
-		_ = credentials.StoreProvider.Delete(AccessTokenKey)
-		return nil
-	} else if !errors.Is(err, os.ErrNotExist) {
+	if err := fallbackDeleteToken(fsys); err != nil && !errors.Is(err, os.ErrNotExist) {
 		return err
 	}
-	// Fallback not found, delete from native credentials store
-	err := credentials.StoreProvider.Delete(AccessTokenKey)
-	if errors.Is(err, credentials.ErrNotSupported) || errors.Is(err, keyring.ErrNotFound) {
-		return errors.New(ErrNotLoggedIn)
-	} else if err != nil {
+	// Always delete from legacy keyring
+	if err := credentials.StoreProvider.Delete(AccessTokenKey); err != nil && !errors.Is(err, keyring.ErrNotFound) {
+		fmt.Fprintln(GetDebugLogger(), err)
+	}
+	// Delete profile from native credentials store
+	if err := credentials.StoreProvider.Delete(CurrentProfile.Name); err != nil {
+		if errors.Is(err, credentials.ErrNotSupported) ||
+			errors.Is(err, keyring.ErrUnsupportedPlatform) ||
+			errors.Is(err, keyring.ErrNotFound) {
+			return errors.New(ErrNotLoggedIn)
+		}
 		return errors.Errorf("failed to delete access token from keyring: %w", err)
 	}
 	return nil
Original file line number	Diff line number	Diff line change
`@@ -27,7 +27,7 @@ func Run(ctx context.Context, projectRef string, includeRawOutput bool, fsys afe`
`27`	`27`	`{`
`28`	`28`	`resp, err := utils.GetSupabase().V1ActivateCustomHostnameWithResponse(ctx, projectRef)`
`29`	`29`	`if err != nil {`
`30`		`- return errors.Errorf("failed to active custom hostname: %w", err)`
	`30`	`+ return errors.Errorf("failed to activate custom hostname: %w", err)`
`31`	`31`	`}`
`32`	`32`	`if resp.JSON201 == nil {`
`33`	`33`	`return errors.New("failed to activate custom hostname config: " + string(resp.Body))`