Skip to content

Commit

Permalink
fix: throw MissingSecret when secret missing (#10305)
Browse files Browse the repository at this point in the history
* feat: throw for missing secret

* fix: env tests for missing secret

---------

Co-authored-by: Thang Vu <[email protected]>
  • Loading branch information
ndom91 and ThangHuuVu authored Mar 25, 2024
1 parent 5ea8b7b commit aafa6dd
Show file tree
Hide file tree
Showing 2 changed files with 23 additions and 9 deletions.
7 changes: 7 additions & 0 deletions packages/core/src/lib/utils/env.ts
Original file line number Diff line number Diff line change
@@ -1,4 +1,5 @@
import type { AuthAction, AuthConfig } from "../../types.js"
import { MissingSecret } from "../../errors.js"
import { logger } from "./logger.js"

/** Set default env variables on the config object */
Expand All @@ -21,6 +22,12 @@ export function setEnvDefaults(envObject: any, config: AuthConfig) {
}
}

if (!config.secret?.length) {
throw new MissingSecret(
"Missing secret, please set AUTH_SECRET or config.secret"
)
}

config.redirectProxyUrl ??= envObject.AUTH_REDIRECT_PROXY_URL
config.trustHost ??= !!(
envObject.AUTH_URL ??
Expand Down
25 changes: 16 additions & 9 deletions packages/core/test/env.test.ts
Original file line number Diff line number Diff line change
Expand Up @@ -18,6 +18,7 @@ beforeEach(() => {
describe("config is inferred from environment variables", () => {
it("providers (client id, client secret, issuer, api key)", () => {
const env = {
AUTH_SECRET: "asdf",
AUTH_AUTH0_ID: "asdf",
AUTH_AUTH0_SECRET: "fdsa",
AUTH_AUTH0_ISSUER: "https://example.com",
Expand Down Expand Up @@ -55,37 +56,43 @@ describe("config is inferred from environment variables", () => {
})

it("AUTH_REDIRECT_PROXY_URL", () => {
const env = { AUTH_REDIRECT_PROXY_URL: "http://example.com" }
const env = {
AUTH_REDIRECT_PROXY_URL: "http://example.com",
AUTH_SECRET: "asdf",
}
setEnvDefaults(env, authConfig)
expect(authConfig.redirectProxyUrl).toBe(env.AUTH_REDIRECT_PROXY_URL)
})

it("AUTH_URL", () => {
const env = { AUTH_URL: "http://n/api/auth" }
const env = { AUTH_URL: "http://n/api/auth", AUTH_SECRET: "asdf" }
setEnvDefaults(env, authConfig)
expect(authConfig.basePath).toBe("/api/auth")
})

it("AUTH_URL + prefer config", () => {
const env = { AUTH_URL: "http://n/api/auth" }
const env = { AUTH_URL: "http://n/api/auth", AUTH_SECRET: "asdf" }
const fromConfig = "/basepath-from-config"
authConfig.basePath = fromConfig
setEnvDefaults(env, authConfig)
expect(authConfig.basePath).toBe(fromConfig)
})

it("AUTH_URL, but invalid value", () => {
const env = { AUTH_URL: "secret" }
const env = { AUTH_URL: "secret", AUTH_SECRET: "asdf" }
setEnvDefaults(env, authConfig)
expect(authConfig.basePath).toBe("/auth")
})

it.each([
[{ AUTH_TRUST_HOST: "1" }, { trustHost: true }],
[{ VERCEL: "1" }, { trustHost: true }],
[{ NODE_ENV: "development" }, { trustHost: true }],
[{ NODE_ENV: "test" }, { trustHost: true }],
[{ AUTH_URL: "http://example.com" }, { trustHost: true }],
[{ AUTH_TRUST_HOST: "1", AUTH_SECRET: "asdf" }, { trustHost: true }],
[{ VERCEL: "1" }, { trustHost: true, secret: "asdf" }],
[{ NODE_ENV: "development", AUTH_SECRET: "asdf" }, { trustHost: true }],
[{ NODE_ENV: "test" }, { trustHost: true, secret: "asdf" }],
[
{ AUTH_URL: "http://example.com", AUTH_SECRET: "asdf" },
{ trustHost: true },
],
])(`%j`, (env, expected) => {
setEnvDefaults(env, authConfig)
expect(authConfig).toMatchObject(expected)
Expand Down

0 comments on commit aafa6dd

Please sign in to comment.