forked from nextauthjs/next-auth
feat: make missing secret an error (nextauthjs#3143)
BREAKING CHANGE: It is now required to set a `secret` in production.
1 parent
2df8a08
commit 1046404
Showing
15 changed files
with
225 additions
and
148 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,9 +1,7 @@ | ||
// This is an example of how to read a JSON Web Token from an API route | ||
import jwt from "next-auth/jwt" | ||
|
||
const secret = process.env.SECRET | ||
import { getToken } from "next-auth/jwt" | ||
|
||
export default async (req, res) => { | ||
const token = await jwt.getToken({ req, secret, encryption: true }) | ||
const token = await getToken({ req, secret: process.env.SECRET }) | ||
res.send(JSON.stringify(token, null, 2)) | ||
} |
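Review bot: The handler sends whatever `getToken` returns straight to the client, and as far as I know that is `null` when the request carries no valid session token, so an unauthenticated caller gets a 200 with the body `null`. An explicit guard before `res.send(...)` would make the example safer to copy: `if (!token) return res.status(401).end()`. Since `process.env.SECRET` is now passed inline, a short comment that it must match the `secret` given to NextAuth, and that the decoded token holds whatever the `jwt` callback stored and should not be echoed outside a demo, would also help.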
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,77 @@ | ||
import { | ||
MissingAdapter, | ||
MissingAPIRoute, | ||
MissingAuthorize, | ||
MissingSecret, | ||
UnsupportedStrategy, | ||
} from "../errors" | ||
|
||
import type { NextAuthHandlerParams } from ".." | ||
import type { WarningCode } from "../../lib/logger" | ||
|
||
type ConfigError = | ||
| MissingAPIRoute | ||
| MissingSecret | ||
| UnsupportedStrategy | ||
| MissingAuthorize | ||
| MissingAdapter | ||
|
||
/** | ||
* Verify that the user configured `next-auth` correctly. | ||
* Good place to mention deprecations as well. | ||
* | ||
* REVIEW: Make some of these and corresponding docs less Next.js specific? | ||
*/ | ||
export function assertConfig( | ||
params: NextAuthHandlerParams | ||
): ConfigError | WarningCode | undefined { | ||
const { options, req } = params | ||
|
||
if (!req.query?.nextauth) { | ||
return new MissingAPIRoute( | ||
"Cannot find [...nextauth].{js,ts} in `/pages/api/auth`. Make sure the filename is written correctly." | ||
) | ||
} | ||
|
||
if (!options.secret) { | ||
if (process.env.NODE_ENV === "production") { | ||
return new MissingSecret("Please define a `secret` in production.") | ||
} else { | ||
return "NO_SECRET" | ||
} | ||
} | ||
|
||
if (!req.host) return "NEXTAUTH_URL" | ||
|
||
let hasCredentials, hasEmail | ||
|
||
options.providers.forEach(({ type }) => { | ||
if (type === "credentials") hasCredentials = true | ||
else if (type === "email") hasEmail = true | ||
}) | ||
|
||
if (hasCredentials) { | ||
const dbStrategy = options.session?.strategy === "database" | ||
const onlyCredentials = !options.providers.some( | ||
(p) => p.type !== "credentials" | ||
) | ||
if (dbStrategy || onlyCredentials) { | ||
return new UnsupportedStrategy( | ||
"Signin in with credentials only supported if JWT strategy is enabled" | ||
) | ||
} | ||
|
||
const credentialsNoAuthorize = options.providers.some( | ||
(p) => p.type === "credentials" && !p.authorize | ||
) | ||
if (credentialsNoAuthorize) { | ||
return new MissingAuthorize( | ||
"Must define an authorize() handler to use credentials authentication provider" | ||
) | ||
} | ||
} | ||
|
||
if (hasEmail && !options.adapter) { | ||
return new MissingAdapter("E-mail login requires an adapter.") | ||
} | ||
} |
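Review bot: Both warning returns (`return "NO_SECRET"` and `if (!req.host) return "NEXTAUTH_URL"`) leave `assertConfig` before the credentials, `authorize` and adapter checks, so outside production a missing secret or host hides `UnsupportedStrategy`, `MissingAuthorize` and `MissingAdapter` until the warning is resolved. Holding the warning in a local and returning it only after the error checks keeps the same warning precedence while still surfacing the errors, as sketched below. Separately, the hard failure is gated on `NODE_ENV === "production"` exactly, so a deployed environment running with any other value gets only the warning; which secret is used in that case is not visible in this section and is worth stating in the doc comment. The message "Signin in with credentials…" also has a typo.

```typescript
export function assertConfig(
  params: NextAuthHandlerParams
): ConfigError | WarningCode | undefined {
  // … unchanged: destructuring and MissingAPIRoute check …

  let warning: WarningCode | undefined
  if (!options.secret) {
    if (process.env.NODE_ENV === "production") {
      return new MissingSecret("Please define a `secret` in production.")
    }
    warning = "NO_SECRET"
  } else if (!req.host) {
    warning = "NEXTAUTH_URL"
  }

  // … unchanged: credentials, authorize and adapter checks …

  return warning
}
```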