feat(module): warn for missing secret key #296
Conversation
Currently, there is no warning when building a project for production and no secret key is set.
Codecov ReportAttention: Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## main #296 +/- ##
==========================================
- Coverage 19.26% 18.01% -1.26%
==========================================
Files 12 13 +1
Lines 493 555 +62
Branches 23 25 +2
==========================================
+ Hits 95 100 +5
- Misses 398 455 +57 ☔ View full report in Codecov by Sentry. |
src/module.ts
Outdated
| resolve(nuxt.options.rootDir, options.secretKeyPath), | ||
| 'utf-8' | ||
| ) | ||
| } catch {} |
There was a problem hiding this comment.
The try-catch looks awkward, should we keep it? Or is there any better style to write such a thing?
There was a problem hiding this comment.
we could use async with an inline .catch(() => null)
src/module.ts
Outdated
| } | ||
| if (!secretKey) { | ||
| logger.warn( | ||
| 'No secret key was provided. Make sure you pass one at runtime by setting NUXT_TURNSTILE_SECRET_KEY.' |
There was a problem hiding this comment.
if a secret key is provided in .env this warning will wrongly trigger because it won't be present in nuxt.options.runtimeConfig. We have new utilities in kit from v3.12 that will make this easier in future: nuxt/nuxt#27117.
But for now if we want this warning we should move the warning to the runtime code.
There was a problem hiding this comment.
I'll wait for Nuxt 3.12 which looks to be landing soon.
Currently, there is no warning when building a project for production and no secret key is set.
This is the first step I did while working on moving secret sourcing to the runtime: #297
I think it might not the best idea to include a secret in a build, thus my proposal to only source it at runtime.