From aafa6dd2b0c880a4c2f0e623d5df809c654d361f Mon Sep 17 00:00:00 2001 From: Nico Domino Date: Mon, 25 Mar 2024 14:28:25 +0100 Subject: [PATCH] fix: throw `MissingSecret` when secret missing (#10305) * feat: throw for missing secret * fix: env tests for missing secret --------- Co-authored-by: Thang Vu --- packages/core/src/lib/utils/env.ts | 7 +++++++ packages/core/test/env.test.ts | 25 ++++++++++++++++--------- 2 files changed, 23 insertions(+), 9 deletions(-) diff --git a/packages/core/src/lib/utils/env.ts b/packages/core/src/lib/utils/env.ts index 858f75c874..0422bb476e 100644 --- a/packages/core/src/lib/utils/env.ts +++ b/packages/core/src/lib/utils/env.ts @@ -1,4 +1,5 @@ import type { AuthAction, AuthConfig } from "../../types.js" +import { MissingSecret } from "../../errors.js" import { logger } from "./logger.js" /** Set default env variables on the config object */ @@ -21,6 +22,12 @@ export function setEnvDefaults(envObject: any, config: AuthConfig) { } } + if (!config.secret?.length) { + throw new MissingSecret( + "Missing secret, please set AUTH_SECRET or config.secret" + ) + } + config.redirectProxyUrl ??= envObject.AUTH_REDIRECT_PROXY_URL config.trustHost ??= !!( envObject.AUTH_URL ?? diff --git a/packages/core/test/env.test.ts b/packages/core/test/env.test.ts index 0e7b980b25..93d6c4b498 100644 --- a/packages/core/test/env.test.ts +++ b/packages/core/test/env.test.ts @@ -18,6 +18,7 @@ beforeEach(() => { describe("config is inferred from environment variables", () => { it("providers (client id, client secret, issuer, api key)", () => { const env = { + AUTH_SECRET: "asdf", AUTH_AUTH0_ID: "asdf", AUTH_AUTH0_SECRET: "fdsa", AUTH_AUTH0_ISSUER: "https://example.com", @@ -55,19 +56,22 @@ describe("config is inferred from environment variables", () => { }) it("AUTH_REDIRECT_PROXY_URL", () => { - const env = { AUTH_REDIRECT_PROXY_URL: "http://example.com" } + const env = { + AUTH_REDIRECT_PROXY_URL: "http://example.com", + AUTH_SECRET: "asdf", + } setEnvDefaults(env, authConfig) expect(authConfig.redirectProxyUrl).toBe(env.AUTH_REDIRECT_PROXY_URL) }) it("AUTH_URL", () => { - const env = { AUTH_URL: "http://n/api/auth" } + const env = { AUTH_URL: "http://n/api/auth", AUTH_SECRET: "asdf" } setEnvDefaults(env, authConfig) expect(authConfig.basePath).toBe("/api/auth") }) it("AUTH_URL + prefer config", () => { - const env = { AUTH_URL: "http://n/api/auth" } + const env = { AUTH_URL: "http://n/api/auth", AUTH_SECRET: "asdf" } const fromConfig = "/basepath-from-config" authConfig.basePath = fromConfig setEnvDefaults(env, authConfig) @@ -75,17 +79,20 @@ describe("config is inferred from environment variables", () => { }) it("AUTH_URL, but invalid value", () => { - const env = { AUTH_URL: "secret" } + const env = { AUTH_URL: "secret", AUTH_SECRET: "asdf" } setEnvDefaults(env, authConfig) expect(authConfig.basePath).toBe("/auth") }) it.each([ - [{ AUTH_TRUST_HOST: "1" }, { trustHost: true }], - [{ VERCEL: "1" }, { trustHost: true }], - [{ NODE_ENV: "development" }, { trustHost: true }], - [{ NODE_ENV: "test" }, { trustHost: true }], - [{ AUTH_URL: "http://example.com" }, { trustHost: true }], + [{ AUTH_TRUST_HOST: "1", AUTH_SECRET: "asdf" }, { trustHost: true }], + [{ VERCEL: "1" }, { trustHost: true, secret: "asdf" }], + [{ NODE_ENV: "development", AUTH_SECRET: "asdf" }, { trustHost: true }], + [{ NODE_ENV: "test" }, { trustHost: true, secret: "asdf" }], + [ + { AUTH_URL: "http://example.com", AUTH_SECRET: "asdf" }, + { trustHost: true }, + ], ])(`%j`, (env, expected) => { setEnvDefaults(env, authConfig) expect(authConfig).toMatchObject(expected)