feat(#836)!: unification and flexibility with AUTH_ORIGIN (#837)

* feat!: unification and flexibility with `AUTH_ORIGIN` * docs: using `AUTH_ORIGIN` * chore: rebuild with pnpm@6 * fix: extracting a variable from ENV * docs: update `originEnvKey` type description Co-authored-by: Marsel Shayhin <[email protected]> * fix: install scule after resolve conflicts * Update docs/guide/application-side/configuration.md Co-authored-by: Marsel Shayhin <[email protected]> * fix: broken lock after resolve conflict * Update src/runtime/server/services/utils.ts Co-authored-by: Marsel Shayhin <[email protected]> * fix: typecheck * Update docs/resources/error-reference.md Co-authored-by: Zoey <[email protected]> --------- Co-authored-by: Marsel Shayhin <[email protected]> Co-authored-by: Zoey <[email protected]>
sidebase · Aug 8, 2024 · 4729b1f · 4729b1f
1 parent 2e564da
commit 4729b1f
Show file tree

Hide file tree

Showing 8 changed files with 162 additions and 19 deletions.
diff --git a/docs/guide/advanced/deployment/self-hosted.md b/docs/guide/advanced/deployment/self-hosted.md
@@ -6,7 +6,7 @@ This guide will explain how you can self-host a Nuxt3 application running NuxtAu
 
 When deploying the Auth.JS provider, the application must be informed what URL it is running at. This is to properly determine callback urls when navigating users to external OAuth providers. Depending on your setup, NuxtAuth allows you to set this value at either [**Runtime**](https://nuxt.com/docs/guide/going-further/hooks#app-hooks-runtime) or [**Buildtime**](https://nuxt.com/docs/guide/going-further/hooks#nuxt-hooks-build-time).
 
-- **Runtime:** Set the `AUTH_ORIGIN` environment variable.
+- **Runtime:** Set the `NUXT_AUTH_ORIGIN` environment variable.
 - **Buildtime:** Set the `baseURL`-config key inside the `nuxt.config.ts`
 
 The origin consists out of:
@@ -15,17 +15,17 @@ The origin consists out of:
 - **host:** e.g., localhost, example.org, google.com
 - **port:** empty (implies `:80` for http and `:443` for https), :3000, :8888
 
-An example of the `AUTH_ORIGIN` would be: `https://my-awesome-app.com`
+An example of the `NUXT_AUTH_ORIGIN` would be: `https://my-awesome-app.com`
 
 :::info Origin Order
 When [attempting to determine the server origin](https://github.com/sidebase/nuxt-auth/blob/main/src/runtime/server/services/utils.ts#L11), NuxtAuth checks the available options in the following order:
-- **Prio 1**: Using `AUTH_ORIGIN`
+- **Prio 1**: Using `NUXT_AUTH_ORIGIN`
 - **Prio 2**: Using `baseURL`-config key from inside the `nuxt.config.ts`
 - **Prio 3**: Infer the origin _(Only in development)_
 :::
 
 :::tip
-We recommend setting the `AUTH_ORIGIN` during runtime and leaving the `baseURL`-config key empty, to avoid using a potentially incorrect ORIGIN. 
+We recommend setting the `NUXT_AUTH_ORIGIN` during runtime and leaving the `baseURL`-config key empty, to avoid using a potentially incorrect ORIGIN. 
 :::
 
 In addition to verifying that the origin is correctly set, also ensure that you have a secure [`secret` set in the NuxtAuthHandler](/guide/authjs/nuxt-auth-handler#secret).

diff --git a/docs/guide/application-side/configuration.md b/docs/guide/application-side/configuration.md
@@ -8,6 +8,7 @@ export default defineNuxtConfig({
     auth: { 
         isEnabled: true,
         disableServerSideAuth: false,
+        originEnvKey: 'AUTH_ORIGIN',
         baseURL: 'http://localhost:3000/api/auth',
         provider: { /* your provider config */ },
         sessionRefresh: {
@@ -25,6 +26,13 @@ export default defineNuxtConfig({
 
 Whether the module is enabled at all
 
+## `originEnvKey`
+
+- **Type**: `string`
+- **Default**: `AUTH_ORIGIN`
+
+The name of the environment variable that holds the origin of the application. This is used to determine the origin of your application in production. Read more [here](/resources/error-reference#auth-no-origin).
+
 ## `disableServerSideAuth`
 
 - **Type**: `boolean`

diff --git a/docs/resources/error-reference.md b/docs/resources/error-reference.md
@@ -21,8 +21,18 @@ export default NuxtAuthHandler({
 
 `AUTH_NO_ORIGIN` will appear as a warning message during development and be thrown as an error that stops the application during production. It is safe to ignore the development warning - it is only meant as a heads-up for your later production-deployment. `AUTH_NO_ORIGIN` occurs when the origin of your application was not set. NuxtAuth tries to find the origin of your application in the following order:
 
-1. Use the `AUTH_ORIGIN` environment variable if it is set,
+1. Use the `NUXT_AUTH_ORIGIN` environment variable if it is set
 2. Development only: Determine the origin automatically from the incoming HTTP request
 
-
 The `origin` is important for callbacks that happen to a specific origin for `oauth` flows. Note that in order for (2) to work the `origin` already has to be set at build-time, i.e., when you run `npm run build` or `npm run generate` and it will lead to the `origin` being inside your app-bundle.
+
+```ts
+// file: nuxt.config.ts
+export default defineNuxtConfig({
+  runtimeConfig: {
+    authOrigin: 'https://example.org', // You can either set a default or leave it empty
+  }
+
+  // ... rest of your config
+})
+```
diff --git a/package.json b/package.json
@@ -38,6 +38,7 @@
     "knitwork": "^1.1.0",
     "nitropack": "^2.9.7",
     "requrl": "^3.0.2",
+    "scule": "^1.3.0",
     "ufo": "^1.5.4"
   },
   "peerDependencies": {

diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml
diff --git a/src/module.ts b/src/module.ts
@@ -27,6 +27,7 @@ import type {
 const topLevelDefaults = {
   isEnabled: true,
   disableServerSideAuth: false,
+  originEnvKey: 'AUTH_ORIGIN',
   sessionRefresh: {
     enablePeriodically: false,
     enableOnWindowFocus: true,

diff --git a/src/runtime/server/services/utils.ts b/src/runtime/server/services/utils.ts
@@ -1,6 +1,7 @@
 import { H3Event } from 'h3'
 import getURL from 'requrl'
 import { joinURL } from 'ufo'
+import { camelCase } from 'scule'
 import { isProduction } from '../../helpers'
 import { ERROR_MESSAGES } from './errors'
 import { useRuntimeConfig } from '#imports'
@@ -9,14 +10,18 @@ import { useRuntimeConfig } from '#imports'
  * Get `origin` and fallback to `x-forwarded-host` or `host` headers if not in production.
  */
 export const getServerOrigin = (event?: H3Event): string => {
+  const config = useRuntimeConfig()
+
   // Prio 1: Environment variable
-  const envOrigin = process.env.AUTH_ORIGIN
+  const envOriginKey = config.public.auth.originEnvKey!
+  const envOriginKeyCamelcase = camelCase(envOriginKey, { normalize: true })
+  const envOrigin = (config[envOriginKeyCamelcase] ?? process.env[envOriginKey]) as string | undefined
   if (envOrigin) {
     return envOrigin
   }
 
-  // Prio 2: Runtime configuration
-  const runtimeConfigOrigin = useRuntimeConfig().public.auth.computed.origin
+  // Prio 2: Computed origin
+  const runtimeConfigOrigin = config.public.auth.computed.origin
   if (runtimeConfigOrigin) {
     return runtimeConfigOrigin
   }

diff --git a/src/runtime/types.ts b/src/runtime/types.ts
@@ -405,6 +405,15 @@ export interface ModuleOptions {
    * @default false
    */
   disableServerSideAuth?: boolean;
+  /**
+   * The name of the environment variable that holds the origin of the application. This is used to determine the full URL of the application in production.
+   * As an example, if you set `NUXT_AUTH_ORIGIN=http://example.org` in your `.env` file, the module will use this to determine the full URL of the application.
+   *
+   * Find more about this in the documentation: https://auth.sidebase.io/resources/error-reference#auth-no-origin
+   *
+   * @default 'AUTH_ORIGIN'
+   */
+  originEnvKey?: string
   /**
    * Full url at which the app will run combined with the path to authentication. You can set this differently depending on your selected authentication-provider:
    * - `authjs`: You must set the full URL, with origin and path in production. You can leave this empty in development