diff --git a/.cursor/rules/features/delayed-actions.mdc b/.cursor/rules/features/delayed-actions.mdc index 73ed656847..13b00ee71c 100644 --- a/.cursor/rules/features/delayed-actions.mdc +++ b/.cursor/rules/features/delayed-actions.mdc @@ -73,7 +73,7 @@ model ScheduledAction { const notBefore = getUnixTime(addMinutes(new Date(), delayInMinutes)); const response = await qstash.publishJSON({ - url: `${process.env.NEXTAUTH_URL}/api/scheduled-actions/execute`, + url: `${env.NEXT_PUBLIC_BASE_URL}/api/scheduled-actions/execute`, body: { scheduledActionId: scheduledAction.id, }, diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 99c3417d21..8be0d290ea 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -44,7 +44,7 @@ jobs: env: RUN_AI_TESTS: false DATABASE_URL: "postgresql://postgres:postgres@localhost:5432/postgres" - NEXTAUTH_SECRET: "secret" + AUTH_SECRET: "secret" GOOGLE_CLIENT_ID: "client_id" GOOGLE_CLIENT_SECRET: "client_secret" MICROSOFT_CLIENT_ID: "client_id" diff --git a/ARCHITECTURE.md b/ARCHITECTURE.md index 9fedadf7c0..66e7bff1cc 100644 --- a/ARCHITECTURE.md +++ b/ARCHITECTURE.md @@ -37,7 +37,7 @@ The Inbox Zero repository is structured as a monorepo, consisting of two main ap - `sanity/`: Integration with Sanity CMS for blog and content management. - **Key Functionalities:** - User interface for all features (AI assistant, unsubscriber, analytics, settings). - - User authentication and session management (NextAuth.js). + - User authentication and session management (Better Auth). - API endpoints for interacting with Gmail API, AI models, and other services. - Server-side rendering and data fetching. - Integration with payment processing (Lemon Squeezy) and analytics (Tinybird, PostHog). @@ -116,7 +116,7 @@ The Inbox Zero repository is structured as a monorepo, consisting of two main ap The application exposes the following API endpoints under `apps/web/app/api/`: - `/api/ai/*`: AI-related endpoints (categorization, summarization, autocomplete, models). -- `/api/auth/*`: Authentication endpoints (NextAuth.js). +- `/api/auth/*`: Authentication endpoints (Better Auth). - `/api/google/*`: Gmail API proxy endpoints (messages, threads, labels, drafts, contacts, webhook, watch). - `/api/lemon-squeezy/*`: Lemon Squeezy webhook and API integration endpoints. - `/api/resend/*`: Resend API integration endpoints (email sending, summary emails, all emails). diff --git a/README.md b/README.md index 6b1ad2a5d5..335aa9e99f 100644 --- a/README.md +++ b/README.md @@ -31,7 +31,7 @@ If you're looking to contribute to the project, the email client is the best pla
-[![Deploy with Vercel](https://vercel.com/button)](https://vercel.com/new/clone?repository-url=https%3A%2F%2Fgithub.com%2Felie222%2Finbox-zero&env=NEXTAUTH_SECRET,GOOGLE_CLIENT_ID,GOOGLE_CLIENT_SECRET,MICROSOFT_CLIENT_ID,MICROSOFT_CLIENT_SECRET,EMAIL_ENCRYPT_SECRET,EMAIL_ENCRYPT_SALT,UPSTASH_REDIS_URL,UPSTASH_REDIS_TOKEN,GOOGLE_PUBSUB_TOPIC_NAME,DATABASE_URL) +[![Deploy with Vercel](https://vercel.com/button)](https://vercel.com/new/clone?repository-url=https%3A%2F%2Fgithub.com%2Felie222%2Finbox-zero&env=AUTH_SECRET,GOOGLE_CLIENT_ID,GOOGLE_CLIENT_SECRET,MICROSOFT_CLIENT_ID,MICROSOFT_CLIENT_SECRET,EMAIL_ENCRYPT_SECRET,EMAIL_ENCRYPT_SALT,UPSTASH_REDIS_URL,UPSTASH_REDIS_TOKEN,GOOGLE_PUBSUB_TOPIC_NAME,DATABASE_URL,NEXT_PUBLIC_BASE_URL) ## Features @@ -110,7 +110,7 @@ The required environment variables: Secrets: -- `NEXTAUTH_SECRET` -- can be any random string (try using `openssl rand -hex 32` for a quick secure random string) +- `AUTH_SECRET` -- can be any random string (try using `openssl rand -hex 32` for a quick secure random string) - `EMAIL_ENCRYPT_SECRET` -- Secret key for encrypting OAuth tokens (try using `openssl rand -hex 32` for a secure key) - `EMAIL_ENCRYPT_SALT` -- Salt for encrypting OAuth tokens (try using `openssl rand -hex 16` for a secure salt) diff --git a/apps/web/.env.example b/apps/web/.env.example index d20904010b..e8a893ce04 100644 --- a/apps/web/.env.example +++ b/apps/web/.env.example @@ -1,9 +1,7 @@ DATABASE_URL="postgresql://postgres:password@localhost:5432/inboxzero?schema=public" DIRECT_URL="postgresql://postgres:password@localhost:5432/inboxzero?schema=public" -NEXTAUTH_SECRET= # Generate a random secret here: https://generate-secret.vercel.app/32 -NEXTAUTH_URL=http://localhost:3000 -AUTH_TRUST_HOST= # Set to `true` if running with Docker. See https://authjs.dev/getting-started/deployment#auth_trust_host +AUTH_SECRET= # Generate a random secret here: https://generate-secret.vercel.app/32 # Gmail GOOGLE_CLIENT_ID= diff --git a/apps/web/app/(landing)/login/error/AutoLogOut.tsx b/apps/web/app/(landing)/login/error/AutoLogOut.tsx index 74bffe390b..032d733b90 100644 --- a/apps/web/app/(landing)/login/error/AutoLogOut.tsx +++ b/apps/web/app/(landing)/login/error/AutoLogOut.tsx @@ -7,7 +7,6 @@ export default function AutoLogOut(props: { loggedIn: boolean }) { useEffect(() => { // this may fix the sign in error // have been seeing this error when a user is not properly logged out and an attempt is made to link accounts instead of logging in. - // More here: https://github.com/nextauthjs/next-auth/issues/3300 if (props.loggedIn) { console.log("Logging user out"); logOut(); diff --git a/apps/web/env.ts b/apps/web/env.ts index 20aedb54e3..e71bb2b616 100644 --- a/apps/web/env.ts +++ b/apps/web/env.ts @@ -18,10 +18,8 @@ export const env = createEnv({ NODE_ENV: z.enum(["development", "production", "test"]), DATABASE_URL: z.string().url(), - NEXTAUTH_SECRET: z.string().min(1), - NEXTAUTH_URL: z.string().optional(), - AUTH_TRUST_HOST: z.coerce.boolean().optional(), - + AUTH_SECRET: z.string().optional(), + NEXTAUTH_SECRET: z.string().optional(), GOOGLE_CLIENT_ID: z.string().min(1), GOOGLE_CLIENT_SECRET: z.string().min(1), MICROSOFT_CLIENT_ID: z.string().optional(), @@ -225,3 +223,9 @@ export const env = createEnv({ NEXT_PUBLIC_DUB_REFER_DOMAIN: process.env.NEXT_PUBLIC_DUB_REFER_DOMAIN, }, }); + +if (!env.AUTH_SECRET && !env.NEXTAUTH_SECRET) { + throw new Error( + "Either AUTH_SECRET or NEXTAUTH_SECRET environment variable must be defined", + ); +} diff --git a/apps/web/utils/auth.ts b/apps/web/utils/auth.ts index b1eb29d1e4..b357fb5d4f 100644 --- a/apps/web/utils/auth.ts +++ b/apps/web/utils/auth.ts @@ -43,7 +43,7 @@ export const betterAuthConfig = betterAuth({ }, baseURL: env.NEXT_PUBLIC_BASE_URL, trustedOrigins: [env.NEXT_PUBLIC_BASE_URL], - secret: process.env.NEXTAUTH_SECRET, + secret: env.AUTH_SECRET || env.NEXTAUTH_SECRET, emailAndPassword: { enabled: false, }, diff --git a/docker/Dockerfile.prod b/docker/Dockerfile.prod index 4fdac06e65..580c6723db 100644 --- a/docker/Dockerfile.prod +++ b/docker/Dockerfile.prod @@ -34,8 +34,7 @@ ENV NODE_ENV=production # Provide dummy build-time ENV VARS (Still needed for build) ENV DATABASE_URL="postgresql://dummy:dummy@dummy:5432/dummy?schema=public" ENV DIRECT_URL="postgresql://dummy:dummy@dummy:5432/dummy?schema=public" -ENV NEXTAUTH_SECRET="dummy_secret_for_build_only" -ENV NEXTAUTH_URL="http://localhost:3000" +ENV AUTH_SECRET="dummy_secret_for_build_only" ENV GOOGLE_CLIENT_ID="dummy_id_for_build_only" ENV GOOGLE_CLIENT_SECRET="dummy_secret_for_build_only" ENV EMAIL_ENCRYPT_SECRET="dummy_encrypt_secret_for_build_only" diff --git a/turbo.json b/turbo.json index a05b549a4f..d81176e097 100644 --- a/turbo.json +++ b/turbo.json @@ -8,7 +8,7 @@ "DATABASE_URL", "DIRECT_URL", "NEXTAUTH_SECRET", - "NEXTAUTH_URL", + "AUTH_SECRET", "GOOGLE_CLIENT_ID", "GOOGLE_CLIENT_SECRET",