Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
9 changes: 9 additions & 0 deletions .changeset/frontend-url-env-parsing.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,9 @@
---
'seamless-auth-api': patch
---

Parse the `FRONTEND_URL` env var as a single string in `parseSystemConfigEnvValue`.
The `frontend_url` system config was added to the env map and schema but never
handled by the env parser, so bootstrap threw `Unhandled system config key:
frontend_url` whenever `FRONTEND_URL` was set. Document the variable in
`.env.example`.
3 changes: 3 additions & 0 deletions .env.example
Original file line number Diff line number Diff line change
Expand Up @@ -61,6 +61,9 @@ TOTP_SECRET_ENCRYPTION_KEY=
RPID=localhost
ORIGINS=http://localhost:5173,http://localhost:5174

# Base URL for links emailed to users (magic links). Falls back to the first ORIGINS entry when unset.
FRONTEND_URL=http://localhost:5173

# OAUTH
# JSON array of provider config. Provider client secrets stay in env vars referenced by
# clientSecretEnv, never in system_config or this JSON value.
Expand Down
2 changes: 0 additions & 2 deletions src/schemas/systemConfig.schema.ts
Original file line number Diff line number Diff line change
Expand Up @@ -78,8 +78,6 @@ export const SystemConfigSchema = z.object({
rpid: z.string().min(1),
origins: z.array(z.url()).min(1),

// Base URL of the user-facing frontend, used to build links emailed to users
// (e.g. magic links). Falls back to origins[0] when unset.
frontend_url: z.url().optional(),
});

Expand Down
4 changes: 1 addition & 3 deletions src/utils/parseEnvConfigs.ts
Original file line number Diff line number Diff line change
Expand Up @@ -21,9 +21,6 @@ export function parseSystemConfigEnvValue(key: keyof typeof SYSTEM_CONFIG_ENV_MA
.filter(Boolean);

case 'oauth_providers':
// Validate through the schema so per-provider defaults (subjectJsonPath,
// emailJsonPath, ...) are applied; raw JSON.parse leaves them undefined and
// OAuth profile extraction then silently fails.
return z.array(OAuthProviderConfigSchema).parse(JSON.parse(raw));

case 'lockout_policy':
Expand All @@ -40,6 +37,7 @@ export function parseSystemConfigEnvValue(key: keyof typeof SYSTEM_CONFIG_ENV_MA
case 'refresh_token_ttl':
case 'rpid':
case 'app_name':
case 'frontend_url':
return raw;

default:
Expand Down
6 changes: 6 additions & 0 deletions tests/unit/utils/parseSystemConfigEnvValue.spec.ts
Original file line number Diff line number Diff line change
Expand Up @@ -54,6 +54,12 @@ describe('parseSystemConfigEnvValue', () => {

expect(result).toBe('SeamlessAuth');
});

it('returns frontend_url as a single string, not an array', () => {
const result = parseSystemConfigEnvValue('frontend_url', 'http://localhost:5173');

expect(result).toBe('http://localhost:5173');
});
});

describe('boolean parsing', () => {
Expand Down
Loading