chore(nextjs): Improve experience when swapping keys on Keyless mode #4787
Changes from 1 commit
99f8850
821544b
a9f36b8
9c2caa2
@@ -0,0 +1,5 @@ | ||||||||
--- | ||||||||
'@clerk/nextjs': patch | ||||||||
--- | ||||||||
|
||||||||
Improve experience when swapping keys on Keyless mode. | ||||||||
@BRKalow @LauraBeatris is this better ?
panteliselef marked this conversation as resolved.
|
|
@@ -11,8 +11,15 @@ import type { NextRequest } from 'next/server'; | |
import { NextResponse } from 'next/server'; | ||
|
||
import { constants as nextConstants } from '../constants'; | ||
import { canUseKeyless__server } from '../utils/feature-flags'; | ||
import { DOMAIN, ENCRYPTION_KEY, IS_SATELLITE, PROXY_URL, SECRET_KEY, SIGN_IN_URL } from './constants'; | ||
import { authSignatureInvalid, encryptionKeyInvalid, missingDomainAndProxy, missingSignInUrlInDev } from './errors'; | ||
import { | ||
authSignatureInvalid, | ||
encryptionKeyInvalid, | ||
encryptionKeyInvalidDev, | ||
missingDomainAndProxy, | ||
missingSignInUrlInDev, | ||
} from './errors'; | ||
import { errorThrower } from './errorThrower'; | ||
import type { RequestLike } from './types'; | ||
|
||
|
@@ -280,10 +287,34 @@ export function decryptClerkRequestData( | |
: ENCRYPTION_KEY || SECRET_KEY || KEYLESS_ENCRYPTION_KEY; | ||
|
||
try { | ||
const decryptedBytes = AES.decrypt(encryptedRequestData, maybeKeylessEncryptionKey); | ||
const encoded = decryptedBytes.toString(encUtf8); | ||
return JSON.parse(encoded); | ||
return decryptData(encryptedRequestData, maybeKeylessEncryptionKey); | ||
} catch (err) { | ||
/** | ||
* There is a great chance when running on Keyless mode that the above fails, | ||
* because the keys hot-swapped and the Next.js dev server has not yet fully rebuilt middleware and routes. | ||
* | ||
* Attempt one more time with the default dummy value. | ||
*/ | ||
if (canUseKeyless__server) { | ||
try { | ||
return decryptData(encryptedRequestData, KEYLESS_ENCRYPTION_KEY); | ||
} catch (e) { | ||
throwInvalidEncryptionKey(); | ||
} | ||
} | ||
Comment on lines
+292
to
+304
Simple retrying with the dummy value |
||
throwInvalidEncryptionKey(); | ||
} | ||
} | ||
|
||
function throwInvalidEncryptionKey(): never { | ||
if (isProductionEnvironment()) { | ||
throw new Error(encryptionKeyInvalid); | ||
} | ||
throw new Error(encryptionKeyInvalidDev); | ||
} | ||
|
||
function decryptData(data: string, key: string) { | ||
const decryptedBytes = AES.decrypt(data, key); | ||
const encoded = decryptedBytes.toString(encUtf8); | ||
return JSON.parse(encoded); | ||
} |
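Review bot: The retry in the catch branch of decryptClerkRequestData accepts request data encrypted with KEYLESS_ENCRYPTION_KEY whenever `canUseKeyless__server` is true, even when the first attempt used a configured ENCRYPTION_KEY or SECRET_KEY. If that dummy value is a constant shipped with the package (its definition is outside this hunk), a payload encrypted with it is not confidential and proves nothing about its sender, so the fallback should be limited to the hot-swap case it was written for. Unless the flag in `../utils/feature-flags` already excludes production, consider tightening the guard to `if (canUseKeyless__server && !isProductionEnvironment() && maybeKeylessEncryptionKey !== KEYLESS_ENCRYPTION_KEY) {`, which also avoids a second attempt with the same key. I would also extend the block comment to say that data recovered with the dummy key must be treated as untrusted development data, and give `decryptData` an explicit `unknown` return type so callers have to validate the parsed JSON. The function starts above the hunk, so the key selection and any signature check are not visible here.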
💡 Should we mention the hot-swapped .env case here? Just to clarify the "improve experience" part