-
-
Notifications
You must be signed in to change notification settings - Fork 16
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat(module): warn for missing secret key #296
base: main
Are you sure you want to change the base?
Conversation
Currently, there is no warning when building a project for production and no secret key is set.
Codecov ReportAttention: Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## main #296 +/- ##
==========================================
- Coverage 19.26% 18.01% -1.26%
==========================================
Files 12 13 +1
Lines 493 555 +62
Branches 23 25 +2
==========================================
+ Hits 95 100 +5
- Misses 398 455 +57 ☔ View full report in Codecov by Sentry. |
src/module.ts
Outdated
resolve(nuxt.options.rootDir, options.secretKeyPath), | ||
'utf-8' | ||
) | ||
} catch {} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The try-catch looks awkward, should we keep it? Or is there any better style to write such a thing?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
we could use async with an inline .catch(() => null)
src/module.ts
Outdated
} | ||
if (!secretKey) { | ||
logger.warn( | ||
'No secret key was provided. Make sure you pass one at runtime by setting NUXT_TURNSTILE_SECRET_KEY.' |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
if a secret key is provided in .env
this warning will wrongly trigger because it won't be present in nuxt.options.runtimeConfig
. We have new utilities in kit from v3.12 that will make this easier in future: nuxt/nuxt#27117.
But for now if we want this warning we should move the warning to the runtime code.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'll wait for Nuxt 3.12 which looks to be landing soon.
Currently, there is no warning when building a project for production and no secret key is set.
This is the first step I did while working on moving secret sourcing to the runtime: #297
I think it might not the best idea to include a secret in a build, thus my proposal to only source it at runtime.