gb_flea/paperclip
1
0
Fork 0
forked from farhoodlabs/paperclip
Code Pull Requests Activity

fix: remove hardcoded JWT secret fallback from createBetterAuthInstance

Browse Source
This commit is contained in:
Daniel Luca
2026-04-08 17:51:21 +03:00
parent 316790ea0a
commit b7a7dacfa3
3 changed files with 8 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files
server/src/auth/better-auth.ts
+7 -1
View File
@@ -67,7 +67,13 @@ export function deriveAuthTrustedOrigins(config: Config): string[] {
export function createBetterAuthInstance(db: Db, config: Config, trustedOrigins?: string[]): BetterAuthInstance {
const baseUrl = config.authBaseUrlMode === "explicit" ? config.authPublicBaseUrl : undefined;
const secret = process.env.BETTER_AUTH_SECRET ?? process.env.PAPERCLIP_AGENT_JWT_SECRET ?? "paperclip-dev-secret";
const secret = process.env.BETTER_AUTH_SECRET ?? process.env.PAPERCLIP_AGENT_JWT_SECRET;
if (!secret) {
throw new Error(
"BETTER_AUTH_SECRET (or PAPERCLIP_AGENT_JWT_SECRET) must be set. " +
"For local development, set BETTER_AUTH_SECRET=paperclip-dev-secret in your .env file.",
);
}
const effectiveTrustedOrigins = trustedOrigins ?? deriveAuthTrustedOrigins(config);
const publicUrl = process.env.PAPERCLIP_PUBLIC_URL ?? baseUrl;