fix(backend): Replace as string with default empty string

The `as string` silents the typescript error but in the runtime
the code fails if the value of `null` or `undefined` is passed
in a function that expects a string to be passed.
Failures may be caused by invoking string specific methods (eg `startsWith`)
which raise a `Cannot read properties of undefined` error.

packages/backend/src/tokens/interstitialRule.ts

@@ -25,7 +25,7 @@ const isBrowser = (userAgent: string | undefined) => VALID_USER_AGENTS.test(user
 // automatically treated as signed out. This exception is needed for development, because the any // missing uat throws an interstitial in development.
 export const nonBrowserRequestInDevRule: InterstitialRule = options => {
   const { secretKey, userAgent } = options;
-  if (isDevelopmentFromApiKey(secretKey as string) && !isBrowser(userAgent)) {
+  if (isDevelopmentFromApiKey(secretKey || '') && !isBrowser(userAgent)) {
     return signedOut(options, AuthErrorReason.HeaderMissingNonBrowser);
   }
   return undefined;
@@ -49,8 +49,8 @@ export const crossOriginRequestWithoutHeader: InterstitialRule = options => {
 };
 
 export const isPrimaryInDevAndRedirectsToSatellite: InterstitialRule = options => {
-  const { secretKey, isSatellite, searchParams } = options;
-  const isDev = isDevelopmentFromApiKey(secretKey as string);
+  const { secretKey = '', isSatellite, searchParams } = options;
+  const isDev = isDevelopmentFromApiKey(secretKey);
 
   if (isDev && !isSatellite && shouldRedirectToSatelliteUrl(searchParams)) {
     return interstitial(options, AuthErrorReason.PrimaryRespondsToSyncing);
@@ -59,8 +59,8 @@ export const isPrimaryInDevAndRedirectsToSatellite: InterstitialRule = options =
 };
 
 export const potentialFirstLoadInDevWhenUATMissing: InterstitialRule = options => {
-  const { secretKey, clientUat } = options;
-  const res = isDevelopmentFromApiKey(secretKey as string);
+  const { secretKey = '', clientUat } = options;
+  const res = isDevelopmentFromApiKey(secretKey);
   if (res && !clientUat) {
     return interstitial(options, AuthErrorReason.CookieUATMissing);
   }
@@ -72,20 +72,20 @@ export const potentialFirstLoadInDevWhenUATMissing: InterstitialRule = options =
  * It is expected that a primary app will trigger a redirect back to the satellite app.
  */
 export const potentialRequestAfterSignInOrOutFromClerkHostedUiInDev: InterstitialRule = options => {
-  const { secretKey, referrer, host, forwardedHost, forwardedProto } = options;
+  const { secretKey = '', referrer, host, forwardedHost, forwardedProto } = options;
   const crossOriginReferrer =
     referrer && checkCrossOrigin({ originURL: new URL(referrer), host, forwardedHost, forwardedProto });
 
-  if (isDevelopmentFromApiKey(secretKey as string) && crossOriginReferrer) {
+  if (isDevelopmentFromApiKey(secretKey) && crossOriginReferrer) {
     return interstitial(options, AuthErrorReason.CrossOriginReferrer);
   }
   return undefined;
 };
 
 export const potentialFirstRequestOnProductionEnvironment: InterstitialRule = options => {
-  const { secretKey, clientUat, cookieToken } = options;
+  const { secretKey = '', clientUat, cookieToken } = options;
 
-  if (isProductionFromApiKey(secretKey as string) && !clientUat && !cookieToken) {
+  if (isProductionFromApiKey(secretKey) && !clientUat && !cookieToken) {
     return signedOut(options, AuthErrorReason.CookieAndUATMissing);
   }
   return undefined;

packages/backend/src/util/IsomorphicRequest.ts

@@ -34,7 +34,7 @@ const decode = (str: string): string => {
 };
 
 const parseIsomorphicRequestCookies = (req: Request) => {
-  const cookies = req.headers && req.headers?.get('cookie') ? parse(req.headers.get('cookie') as string) : {};
+  const cookies = req.headers && req.headers?.get('cookie') ? parse(req.headers.get('cookie') || '') : {};
   return (key: string): string | undefined => {
     const value = cookies?.[key];
     if (value === undefined) {