fix: throw MissingSecret when secret missing

packages/core/src/lib/utils/env.ts

@@ -1,4 +1,5 @@
 import type { AuthAction, AuthConfig } from "../../types.js"
+import { MissingSecret } from "../../errors.js"
 import { logger } from "./logger.js"
 
 /** Set default env variables on the config object */
@@ -21,6 +22,12 @@ export function setEnvDefaults(envObject: any, config: AuthConfig) {
     }
   }
 
+  if (!config.secret?.length) {
+    throw new MissingSecret(
+      "Missing secret, please set AUTH_SECRET or config.secret"
+    )
+  }
+
   config.redirectProxyUrl ??= envObject.AUTH_REDIRECT_PROXY_URL
   config.trustHost ??= !!(
     envObject.AUTH_URL ??

packages/core/test/env.test.ts

@@ -18,6 +18,7 @@ beforeEach(() => {
 describe("config is inferred from environment variables", () => {
   it("providers (client id, client secret, issuer, api key)", () => {
     const env = {
+      AUTH_SECRET: "asdf",
       AUTH_AUTH0_ID: "asdf",
       AUTH_AUTH0_SECRET: "fdsa",
       AUTH_AUTH0_ISSUER: "https://example.com",
@@ -55,37 +56,43 @@ describe("config is inferred from environment variables", () => {
   })
 
   it("AUTH_REDIRECT_PROXY_URL", () => {
-    const env = { AUTH_REDIRECT_PROXY_URL: "http://example.com" }
+    const env = {
+      AUTH_REDIRECT_PROXY_URL: "http://example.com",
+      AUTH_SECRET: "asdf",
+    }
     setEnvDefaults(env, authConfig)
     expect(authConfig.redirectProxyUrl).toBe(env.AUTH_REDIRECT_PROXY_URL)
   })
 
   it("AUTH_URL", () => {
-    const env = { AUTH_URL: "http://n/api/auth" }
+    const env = { AUTH_URL: "http://n/api/auth", AUTH_SECRET: "asdf" }
     setEnvDefaults(env, authConfig)
     expect(authConfig.basePath).toBe("/api/auth")
   })
 
   it("AUTH_URL + prefer config", () => {
-    const env = { AUTH_URL: "http://n/api/auth" }
+    const env = { AUTH_URL: "http://n/api/auth", AUTH_SECRET: "asdf" }
     const fromConfig = "/basepath-from-config"
     authConfig.basePath = fromConfig
     setEnvDefaults(env, authConfig)
     expect(authConfig.basePath).toBe(fromConfig)
   })
 
   it("AUTH_URL, but invalid value", () => {
-    const env = { AUTH_URL: "secret" }
+    const env = { AUTH_URL: "secret", AUTH_SECRET: "asdf" }
     setEnvDefaults(env, authConfig)
     expect(authConfig.basePath).toBe("/auth")
   })
 
   it.each([
-    [{ AUTH_TRUST_HOST: "1" }, { trustHost: true }],
-    [{ VERCEL: "1" }, { trustHost: true }],
-    [{ NODE_ENV: "development" }, { trustHost: true }],
-    [{ NODE_ENV: "test" }, { trustHost: true }],
-    [{ AUTH_URL: "http://example.com" }, { trustHost: true }],
+    [{ AUTH_TRUST_HOST: "1", AUTH_SECRET: "asdf" }, { trustHost: true }],
+    [{ VERCEL: "1" }, { trustHost: true, secret: "asdf" }],
+    [{ NODE_ENV: "development", AUTH_SECRET: "asdf" }, { trustHost: true }],
+    [{ NODE_ENV: "test" }, { trustHost: true, secret: "asdf" }],
+    [
+      { AUTH_URL: "http://example.com", AUTH_SECRET: "asdf" },
+      { trustHost: true },
+    ],
   ])(`%j`, (env, expected) => {
     setEnvDefaults(env, authConfig)
     expect(authConfig).toMatchObject(expected)