use new auth secret format

t3-oss · Oct 26, 2024 · 8b2da55 · 8b2da55
1 parent 844435a
commit 8b2da55
Show file tree

Hide file tree

Showing 30 changed files with 77 additions and 79 deletions.
diff --git a/.github/workflows/e2e.yml b/.github/workflows/e2e.yml
@@ -62,8 +62,8 @@ jobs:
         if: ${{ steps.matrix-valid.outputs.continue == 'true' }}
         env:
           AUTH_SECRET: foo
-          DISCORD_CLIENT_ID: bar
-          DISCORD_CLIENT_SECRET: baz
+          AUTH_DISCORD_ID: bar
+          AUTH_DISCORD_SECRET: baz
           SKIP_ENV_VALIDATION: true
 
   build-t3-app-with-bun:
@@ -102,6 +102,6 @@ jobs:
         # - run: cd ../ci-bun && bun --bun run build
         env:
           AUTH_SECRET: foo
+          AUTH_DISCORD_ID: bar
+          AUTH_DISCORD_SECRET: baz
           DATABASE_URL: mysql://root:root@localhost:3306/test # can't use url from example env cause we block that in t3-env
-          DISCORD_CLIENT_ID: bar
-          DISCORD_CLIENT_SECRET: baz
diff --git a/cli/src/installers/envVars.ts b/cli/src/installers/envVars.ts
@@ -51,8 +51,19 @@ export const envVariablesInstaller: Installer = ({
   const envDest = path.join(projectDir, ".env");
   const envExampleDest = path.join(projectDir, ".env.example");
 
-  fs.writeFileSync(envDest, envContent, "utf-8");
-  fs.writeFileSync(envExampleDest, exampleEnvContent + envContent, "utf-8");
+  const _exampleEnvContent = exampleEnvContent + envContent;
+
+  // Generate an auth secret and put in .env, not .env.example
+  const secret = Buffer.from(
+    crypto.getRandomValues(new Uint8Array(32))
+  ).toString("base64");
+  const _envContent = envContent.replace(
+    'AUTH_SECRET=""',
+    `AUTH_SECRET="${secret}" # Generated by create-t3-app.`
+  );
+
+  fs.writeFileSync(envDest, _envContent, "utf-8");
+  fs.writeFileSync(envExampleDest, _exampleEnvContent, "utf-8");
 };
 
 const getEnvContent = (
@@ -75,11 +86,11 @@ const getEnvContent = (
 # You can generate a new secret on the command line with:
 # npx auth secret
 # https://next-auth.js.org/configuration/options#secret
-# AUTH_SECRET=""
+AUTH_SECRET=""
 
 # Next Auth Discord Provider
-DISCORD_CLIENT_ID=""
-DISCORD_CLIENT_SECRET=""
+AUTH_DISCORD_ID=""
+AUTH_DISCORD_SECRET=""
 `;
 
   if (usingPrisma)

diff --git a/cli/template/extras/src/env/with-auth-db-planetscale.js b/cli/template/extras/src/env/with-auth-db-planetscale.js
@@ -11,15 +11,15 @@ export const env = createEnv({
       process.env.NODE_ENV === "production"
         ? z.string()
         : z.string().optional(),
+    AUTH_DISCORD_ID: z.string(),
+    AUTH_DISCORD_SECRET: z.string(),
     DATABASE_URL: z
       .string()
       .url()
       .refine(
         (str) => !str.includes("YOUR_MYSQL_URL_HERE"),
         "You forgot to change the default URL"
       ),
-    DISCORD_CLIENT_ID: z.string(),
-    DISCORD_CLIENT_SECRET: z.string(),
     NODE_ENV: z
       .enum(["development", "test", "production"])
       .default("development"),
@@ -40,9 +40,9 @@ export const env = createEnv({
    */
   runtimeEnv: {
     AUTH_SECRET: process.env.AUTH_SECRET,
+    AUTH_DISCORD_ID: process.env.AUTH_DISCORD_ID,
+    AUTH_DISCORD_SECRET: process.env.AUTH_DISCORD_SECRET,
     DATABASE_URL: process.env.DATABASE_URL,
-    DISCORD_CLIENT_ID: process.env.DISCORD_CLIENT_ID,
-    DISCORD_CLIENT_SECRET: process.env.DISCORD_CLIENT_SECRET,
     NODE_ENV: process.env.NODE_ENV,
   },
   /**

diff --git a/cli/template/extras/src/env/with-auth-db.js b/cli/template/extras/src/env/with-auth-db.js
@@ -11,9 +11,9 @@ export const env = createEnv({
       process.env.NODE_ENV === "production"
         ? z.string()
         : z.string().optional(),
+    AUTH_DISCORD_ID: z.string(),
+    AUTH_DISCORD_SECRET: z.string(),
     DATABASE_URL: z.string().url(),
-    DISCORD_CLIENT_ID: z.string(),
-    DISCORD_CLIENT_SECRET: z.string(),
     NODE_ENV: z
       .enum(["development", "test", "production"])
       .default("development"),
@@ -34,9 +34,9 @@ export const env = createEnv({
    */
   runtimeEnv: {
     AUTH_SECRET: process.env.AUTH_SECRET,
+    AUTH_DISCORD_ID: process.env.AUTH_DISCORD_ID,
+    AUTH_DISCORD_SECRET: process.env.AUTH_DISCORD_SECRET,
     DATABASE_URL: process.env.DATABASE_URL,
-    DISCORD_CLIENT_ID: process.env.DISCORD_CLIENT_ID,
-    DISCORD_CLIENT_SECRET: process.env.DISCORD_CLIENT_SECRET,
     NODE_ENV: process.env.NODE_ENV,
   },
   /**

diff --git a/cli/template/extras/src/env/with-auth.js b/cli/template/extras/src/env/with-auth.js
@@ -11,8 +11,8 @@ export const env = createEnv({
       process.env.NODE_ENV === "production"
         ? z.string()
         : z.string().optional(),
-    DISCORD_CLIENT_ID: z.string(),
-    DISCORD_CLIENT_SECRET: z.string(),
+    AUTH_DISCORD_ID: z.string(),
+    AUTH_DISCORD_SECRET: z.string(),
     NODE_ENV: z
       .enum(["development", "test", "production"])
       .default("development"),
@@ -33,8 +33,8 @@ export const env = createEnv({
    */
   runtimeEnv: {
     AUTH_SECRET: process.env.AUTH_SECRET,
-    DISCORD_CLIENT_ID: process.env.DISCORD_CLIENT_ID,
-    DISCORD_CLIENT_SECRET: process.env.DISCORD_CLIENT_SECRET,
+    AUTH_DISCORD_ID: process.env.AUTH_DISCORD_ID,
+    AUTH_DISCORD_SECRET: process.env.AUTH_DISCORD_SECRET,
     NODE_ENV: process.env.NODE_ENV,
     // NEXT_PUBLIC_CLIENTVAR: process.env.NEXT_PUBLIC_CLIENTVAR,
   },

diff --git a/cli/template/extras/src/server/auth/config/base.ts b/cli/template/extras/src/server/auth/config/base.ts
@@ -1,8 +1,6 @@
 import { type DefaultSession, type NextAuthConfig } from "next-auth";
 import DiscordProvider from "next-auth/providers/discord";
 
-import { env } from "~/env";
-
 /**
  * Module augmentation for `next-auth` types. Allows us to add custom properties to the `session`
  * object and keep type safety.
@@ -31,10 +29,7 @@ declare module "next-auth" {
  */
 export const authConfig = {
   providers: [
-    DiscordProvider({
-      clientId: env.DISCORD_CLIENT_ID,
-      clientSecret: env.DISCORD_CLIENT_SECRET,
-    }),
+    DiscordProvider,
     /**
      * ...add more providers here.
      *

diff --git a/cli/template/extras/src/server/auth/config/with-drizzle.ts b/cli/template/extras/src/server/auth/config/with-drizzle.ts
@@ -2,7 +2,6 @@ import { DrizzleAdapter } from "@auth/drizzle-adapter";
 import { type DefaultSession, type NextAuthConfig } from "next-auth";
 import DiscordProvider from "next-auth/providers/discord";
 
-import { env } from "~/env";
 import { db } from "~/server/db";
 import {
   accounts,
@@ -39,10 +38,7 @@ declare module "next-auth" {
  */
 export const authConfig = {
   providers: [
-    DiscordProvider({
-      clientId: env.DISCORD_CLIENT_ID,
-      clientSecret: env.DISCORD_CLIENT_SECRET,
-    }),
+    DiscordProvider,
     /**
      * ...add more providers here.
      *

diff --git a/cli/template/extras/src/server/auth/config/with-prisma.ts b/cli/template/extras/src/server/auth/config/with-prisma.ts
@@ -2,7 +2,6 @@ import { PrismaAdapter } from "@auth/prisma-adapter";
 import { type DefaultSession, type NextAuthConfig } from "next-auth";
 import DiscordProvider from "next-auth/providers/discord";
 
-import { env } from "~/env";
 import { db } from "~/server/db";
 
 /**
@@ -33,10 +32,7 @@ declare module "next-auth" {
  */
 export const authConfig = {
   providers: [
-    DiscordProvider({
-      clientId: env.DISCORD_CLIENT_ID,
-      clientSecret: env.DISCORD_CLIENT_SECRET,
-    }),
+    DiscordProvider,
     /**
      * ...add more providers here.
      *

diff --git a/www/src/pages/ar/usage/first-steps.md b/www/src/pages/ar/usage/first-steps.md
@@ -22,8 +22,8 @@ dir: rtl
 
 ثم اذهب **<** Settings **<** OAuth2 **<** General
 
-قم بنسخ Client ID وضعه في `.env `كـ `DISCORD_CLIENT_ID`
+قم بنسخ Client ID وضعه في `.env `كـ `AUTH_DISCORD_ID`
 
-اضغط علي Reset Secret ثم انسخ كلمة السر الجديدة وضعها في .env كـ DISCORD_CLIENT_SECRET
+اضغط علي Reset Secret ثم انسخ كلمة السر الجديدة وضعها في .env كـ AUTH_DISCORD_SECRET
 اضغط علي Add Redirect واضف http://localhost:3000/api/auth/callback/discord
 اضف AUTH_SECRET الي .env كـ String، في الـ Production اضف كلمة سر قوية.
diff --git a/www/src/pages/ar/usage/next-auth.md b/www/src/pages/ar/usage/next-auth.md
@@ -159,9 +159,9 @@ const userRouter = router({
 
 2. في settings menu اضغط على OAuth2 ثم General
 
-3. إنسخ الـ Client ID وضعة في `.env` كـ DISCORD_CLIENT_ID
+3. إنسخ الـ Client ID وضعة في `.env` كـ AUTH_DISCORD_ID
 
-4. تحت Client Secret اضغط على "Reset Secret" ونسخ النص الجديد وضعه في `.env` كـ `DISCORD_CLIENT_SECRET `.
+4. تحت Client Secret اضغط على "Reset Secret" ونسخ النص الجديد وضعه في `.env` كـ `AUTH_DISCORD_SECRET `.
    كن حذرًا لأنك لن تتمكن من رؤية هذا كلمة السر مرة أخرى ، ستؤدي إعادة تعيينها إلى انتهاء صلاحية كلمة السر الحالية
 5. اضغط على Add Redirect واضف رابط إعادة التوجيه`http://localhost:3000/api/auth/callback/discord` كمثال
 6. احفظ التعديلات

diff --git a/www/src/pages/en/usage/first-steps.md b/www/src/pages/en/usage/first-steps.md
@@ -30,8 +30,8 @@ Of course, if you prefer to use a different auth provider, you can also use one
 1. You will need a Discord account, so register one if you haven't already.
 2. Navigate to https://discord.com/developers/applications and click "New Application" in the top right corner. Give your application a name and agree to the Terms of Service.
 3. Once your application has been created, navigate to "Settings → OAuth2 → General".
-4. Copy the "Client ID" and add it to your `.env` as `DISCORD_CLIENT_ID`.
-5. Click "Reset Secret", copy the new secret, and add it to your `.env` as `DISCORD_CLIENT_SECRET`.
+4. Copy the "Client ID" and add it to your `.env` as `AUTH_DISCORD_ID`.
+5. Click "Reset Secret", copy the new secret, and add it to your `.env` as `AUTH_DISCORD_SECRET`.
 6. Click "Add Redirect" and type in `http://localhost:3000/api/auth/callback/discord`.
    - For production deployment, follow the previous steps to create another Discord Application, but this time replace `http://localhost:3000` with the URL that you are deploying to.
 7. Save Changes.

diff --git a/www/src/pages/en/usage/next-auth.mdx b/www/src/pages/en/usage/next-auth.mdx
@@ -213,8 +213,8 @@ I.e.:
 1. Head to [the Applications section in the Discord Developer Portal](https://discord.com/developers/applications), and click on "New Application"
 2. In the settings menu, go to "OAuth2 => General"
 
-- Copy the Client ID and paste it in `DISCORD_CLIENT_ID` in `.env`.
-- Under Client Secret, click "Reset Secret" and copy that string to `DISCORD_CLIENT_SECRET` in `.env`. Be careful as you won't be able to see this secret again, and resetting it will cause the existing one to expire.
+- Copy the Client ID and paste it in `AUTH_DISCORD_ID` in `.env`.
+- Under Client Secret, click "Reset Secret" and copy that string to `AUTH_DISCORD_SECRET` in `.env`. Be careful as you won't be able to see this secret again, and resetting it will cause the existing one to expire.
 - Click "Add Redirect" and paste in `<app url>/api/auth/callback/discord` (example for local development: <code class="break-all">http://localhost:3000/api/auth/callback/discord</code>)
 - Save your changes
 - It is possible, but not recommended, to use the same Discord Application for both development and production. You could also consider [Mocking the Provider](https://github.com/trpc/trpc/blob/main/examples/next-prisma-websockets-starter/src/pages/api/auth/%5B...nextauth%5D.ts) during development.

diff --git a/www/src/pages/es/usage/first-steps.md b/www/src/pages/es/usage/first-steps.md
@@ -20,8 +20,8 @@ Por supuesto, si prefieres usar un proveedor de autenticación diferente, tambi
 1. Necesitarás una cuenta de Discord, así que crea una cuenta si aún no lo has hecho.
 2. Dirígite a [https://discord.com/developers/applications](https://discord.com/developers/applications) y haz clic en "New Application" en la esquina superior derecha. Asigna un nombre a tu aplicación y acepta los términos de servicio.
 3. Una vez creada tu aplicación, dirígite a "Settings → OAuth2 → General".
-4. Copia el "Client ID" y agrégalo a tu `.env` como `DISCORD_CLIENT_ID`.
-5. Haz clic en "Reset Secret", copia el nuevo valor secreto y agrégalo a tu `.env` como `DISCORD_CLIENT_SECRET`.
+4. Copia el "Client ID" y agrégalo a tu `.env` como `AUTH_DISCORD_ID`.
+5. Haz clic en "Reset Secret", copia el nuevo valor secreto y agrégalo a tu `.env` como `AUTH_DISCORD_SECRET`.
 6. Haz clic en "Add Redirect" y escribe `http://localhost:3000/api/auth/callback/discord`.
    - Para la implementación de producción, sigue los pasos anteriores para crear otra aplicación Discord, pero esta vez reemplaza `http://localhost:3000` con la URL de producción en la que está implementando.
 7. Guarda los cambios.

diff --git a/www/src/pages/es/usage/next-auth.md b/www/src/pages/es/usage/next-auth.md
@@ -158,8 +158,8 @@ El uso de NextAuth.js con el middleware Next.js [requiere el uso de la estrategi
 1. Dirígete a [la sección de aplicaciones en el portal del desarrollador de Discord](https://discord.com/developers/applications) y haz clic en "New Application"
 2. En el menú de configuración, dirígite a "OAuth2 => General"
 
-- Copia el Client ID y pégalo en `DISCORD_CLIENT_ID` en `.env`.
-- En Client Secret, haz clic en "Reset Secret" y copia ese string en `DISCORD_CLIENT_SECRET` en `.env`. Ten cuidado ya que no podrás volver a ver este valor secreto, y restablecerlo hará que el existente expire.
+- Copia el Client ID y pégalo en `AUTH_DISCORD_ID` en `.env`.
+- En Client Secret, haz clic en "Reset Secret" y copia ese string en `AUTH_DISCORD_SECRET` en `.env`. Ten cuidado ya que no podrás volver a ver este valor secreto, y restablecerlo hará que el existente expire.
 - Haz clic en "Add Redirect" y pega en `<app url>/api/auth/callback/discord` (Ejemplo para desarrollo local: <code class="break-all">http://localhost:3000/api/auth/callback/discord</code>)
 - Guarda tus cambios
 - Es posible, pero no recomendado, usar la misma aplicación de Discord tanto para desarrollo como para producción. También puedes considerar hacer un [mock del proveedor](https://github.com/trpc/trpc/blob/main/examples/next-prisma-websockets-starter/src/pages/api/auth/%5B...nextauth%5D.ts) durante el desarrollo.

diff --git a/www/src/pages/fr/usage/first-steps.md b/www/src/pages/fr/usage/first-steps.md
@@ -21,7 +21,7 @@ Bien sûr, si vous préférez utiliser un autre fournisseur d'authentification,
 1. Vous aurez besoin d'un compte Discord, créez-en un si vous ne l'avez pas déjà fait.
 2. Accédez à https://discord.com/developers/applications et cliquez sur "New Application" dans le coin supérieur droit. Nommez votre application et acceptez les conditions d'utilisation.
 3. Une fois votre application créée, accédez à "Settings → OAuth2 → General".
-4. Copiez le "Client ID" et ajoutez-le à votre `.env` en tant que `DISCORD_CLIENT_ID`.
+4. Copiez le "Client ID" et ajoutez-le à votre `.env` en tant que `AUTH_DISCORD_ID`.
 5. Cliquez sur "Reset Secret", copiez le nouveau secret et ajoutez-le à votre `.env` en tant que `DISCORD CLIENT_SECRET`.
 6. Cliquez sur "Add Redirect" et saisissez `http://localhost:3000/api/auth/callback/discord`.
    - Pour le déploiement en production, suivez les étapes précédentes pour créer une autre application Discord, mais cette fois remplacez `http://localhost:3000` par l'URL vers laquelle vous déployez.

diff --git a/www/src/pages/fr/usage/next-auth.mdx b/www/src/pages/fr/usage/next-auth.mdx
@@ -212,7 +212,7 @@ Ex.:
 1. Rendez-vous dans [la section Applications du portail des développeurs Discord](https://discord.com/developers/applications), et cliquez sur "New Application"
 1. Dans le menu des paramètres, allez dans "OAuth2 => General"
 
-- Copiez l'ID client et collez-le dans `DISCORD_CLIENT_ID` dans `.env`.
+- Copiez l'ID client et collez-le dans `AUTH_DISCORD_ID` dans `.env`.
 - Sous Client Secret, cliquez sur "Reset Secret" et copiez cette chaîne de caractères dans `DISCORD CLIENT_SECRET` dans `.env`. Soyez prudent car vous ne pourrez plus voir ce secret et le réinitialiser entraînera l'expiration du secret existant.
 - Cliquez sur "Add Redirect" et collez `<app url>/api/auth/callback/discord` (exemple pour le développement local : <code class="break-all">http://localhost:3000/api/auth/rappel/discord</code>)
 - Enregistrez vos modifications

diff --git a/www/src/pages/ja/usage/first-steps.md b/www/src/pages/ja/usage/first-steps.md
@@ -20,8 +20,8 @@ lang: ja
 1. Discord のアカウントが必要になりますので、まだの方は登録してください。
 2. https://discord.com/developers/applications に移動し、右上の「New Application」をクリックします。アプリケーションの名前を付け、利用規約に同意してください。
 3. アプリケーションの作成が完了したら、「Settings → OAuth2 → General」に移動してください。
-4. 「Client ID」をコピーし、`DISCORD_CLIENT_ID`として`.env`に追加します。
-5. 「Reset Secret」をクリックし、新しいシークレット情報をコピーし、`DISCORD_CLIENT_SECRET`として`.env`に追加します。
+4. 「Client ID」をコピーし、`AUTH_DISCORD_ID`として`.env`に追加します。
+5. 「Reset Secret」をクリックし、新しいシークレット情報をコピーし、`AUTH_DISCORD_SECRET`として`.env`に追加します。
 6. 「Add Redirect」をクリックし、`http://localhost:3000/api/auth/callback/discord`と入力します。
 
    - 本番環境でのデプロイの場合は、前述の手順で別の Discord アプリケーションを作成しますが、今回は`http://localhost:3000`をデプロイ先の URL で置き換えてください。

diff --git a/www/src/pages/ja/usage/next-auth.md b/www/src/pages/ja/usage/next-auth.md
@@ -181,8 +181,8 @@ NextAuth.js を Next.js ミドルウェアで利用する場合、認証に [JWT
 1. [Discord Developer Portal の Application セクション](https://discord.com/developers/applications)に向かい「New Application」をクリックします。
 2. 設定メニューの 「OAuth2 ⇒ General」に行きます
 
-- Client ID をコピーして、`.env`の`DISCORD_CLIENT_ID`に貼り付けます。
-- Client Secret の下にある 「Reset Secret」をクリックし、その文字列を`.env`の`DISCORD_CLIENT_SECRET`にコピーしてください。このシークレット情報は二度と表示されないことと、リセットすると既存のシークレット情報は失効してしまうことについて注意してください。
+- Client ID をコピーして、`.env`の`AUTH_DISCORD_ID`に貼り付けます。
+- Client Secret の下にある 「Reset Secret」をクリックし、その文字列を`.env`の`AUTH_DISCORD_SECRET`にコピーしてください。このシークレット情報は二度と表示されないことと、リセットすると既存のシークレット情報は失効してしまうことについて注意してください。
 - 「Add Redirect」をクリックし、`<app url>/api/auth/callback/discord` を貼り付ける(ローカル開発サーバの場合の例：<code class="break-all">http://localhost:3000/api/auth/callback/discord</code>)
 - 変更を保存します
 - 開発用と本番用で同じ Discord Application を使用できますが、推奨はしません。また、開発時には[プロバイダをモックする](https://github.com/trpc/trpc/blob/main/examples/next-prisma-websockets-starter/src/pages/api/auth/%5B...nextauth%5D.ts)こと検討するのもよいでしょう。

diff --git a/www/src/pages/no/usage/first-steps.md b/www/src/pages/no/usage/first-steps.md
@@ -20,8 +20,8 @@ Hvis du foretrekker en annen autentiseringsleverandør, kan du også bruke en av
 1. Du trenger en Discord-konto. Meld deg på hvis du ikke har en ennå.
 2. Naviger til https://discord.com/developers/applications og klikk "New Application" øverst til høyre. Gi applikasjonen din et navn og godta vilkårene for bruk.
 3. Når applikasjonen din er opprettet, naviger til "Settings → OAuth2 → General".
-4. Kopier "Client ID" og lim den inn i `.env` som `DISCORD_CLIENT_ID`.
-5. Klikk "Reset Secret", kopier den nye hemmeligheten og lim inn verdien i `.env` som `DISCORD_CLIENT_SECRET`.
+4. Kopier "Client ID" og lim den inn i `.env` som `AUTH_DISCORD_ID`.
+5. Klikk "Reset Secret", kopier den nye hemmeligheten og lim inn verdien i `.env` som `AUTH_DISCORD_SECRET`.
 6. Klikk "Add Redirect" og skriv inn `http://localhost:3000/api/auth/callback/discord`.
    - For utrulling i produksjonsmiljø må de foregående trinnene følges på nytt for å lage en annen Discord-applikasjon. Denne gangen erstatt `http://localhost:3000` med URL-en du publiserer til.
 7. Lagre endringene.