mirror of
https://github.com/stack-auth/stack.git
synced 2026-06-30 21:01:54 +08:00
Summary: Detects conflicting non-empty HEXCLAVE_* and STACK_* values
across shared env helpers, dashboard public envs, generated SDK env
access, Docker scripts, CLI/docs/examples, and related tests.
Verification: pnpm test run packages/shared/src/utils/env.test.tsx
apps/dashboard/src/lib/env.test.tsx packages/cli/src/lib/auth.test.ts;
targeted lint/typecheck across touched workspaces; bash -n/node --check
for changed scripts; node
docker/local-emulator/generate-env-development.mjs --check.
<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Detects and blocks conflicting `HEXCLAVE_*` and `STACK_*` env vars
across the monorepo. Prefers `HEXCLAVE_*`, falls back to `STACK_*` when
empty, and fails fast when both are set to different values.
- **New Features**
- Added conflict-aware env resolvers used across apps, CLI, docs,
examples, and Docker (build/runtime).
- Validates critical vars (e.g., database connection, API/dashboard
URLs, emulator flags, tokens) and ignores post-build sentinel values.
- Prisma, Next.js, and Docker startup now error on mismatched values;
CLI enforces project ID/key conflicts; tests added.
- **Migration**
- If both names are set with different values, builds/tests/scripts will
error. Set only `HEXCLAVE_*` or make both equal.
- Update `.env`, CI secrets, and Docker envs to use `HEXCLAVE_*`. Keep
`STACK_*` only as a temporary fallback.
<sup>Written for commit 4d63fa3bad.
Summary will update on new commits.</sup>
<a
href="https://cubic.dev/pr/hexclave/hexclave/pull/1604?utm_source=github"
target="_blank" rel="noopener noreferrer"
data-no-image-dialog="true"><picture><source
media="(prefers-color-scheme: dark)"
srcset="https://www.cubic.dev/buttons/review-in-cubic-dark.svg"><source
media="(prefers-color-scheme: light)"
srcset="https://www.cubic.dev/buttons/review-in-cubic-light.svg"><img
alt="Review in cubic"
src="https://www.cubic.dev/buttons/review-in-cubic-dark.svg"></picture></a>
<!-- End of auto-generated description by cubic. -->
44 lines
1.6 KiB
JavaScript
44 lines
1.6 KiB
JavaScript
#!/usr/bin/env node
|
|
// Cross-platform token injection/restoration for SpacetimeDB publish.
|
|
// Replaces the Unix-only sed/mv scripts so pnpm dev works on Windows too.
|
|
|
|
import { readFileSync, writeFileSync, existsSync, renameSync, unlinkSync } from "node:fs";
|
|
import { resolve } from "node:path";
|
|
|
|
const TARGET = resolve("spacetimedb/src/index.ts");
|
|
const BACKUP = TARGET + ".bak";
|
|
const PLACEHOLDER = "__SPACETIMEDB_LOG_TOKEN__";
|
|
|
|
const action = process.argv[2];
|
|
|
|
function resolveHexclaveStackEnvVar(hexclaveName, stackName) {
|
|
const hexclaveValue = process.env[hexclaveName];
|
|
const stackValue = process.env[stackName];
|
|
if (hexclaveValue && stackValue && hexclaveValue !== stackValue) {
|
|
throw new Error(`Environment variables ${hexclaveName} and ${stackName} are both set to different values. Remove one of them or set them to the same value.`);
|
|
}
|
|
return hexclaveValue || stackValue || undefined;
|
|
}
|
|
|
|
if (action === "inject") {
|
|
const token = resolveHexclaveStackEnvVar("HEXCLAVE_MCP_LOG_TOKEN", "STACK_MCP_LOG_TOKEN") || "change-me";
|
|
if (existsSync(BACKUP)) {
|
|
console.error("Refusing to inject: backup already exists. Run restore first.");
|
|
process.exit(1);
|
|
}
|
|
const content = readFileSync(TARGET, "utf8");
|
|
writeFileSync(BACKUP, content, "utf8");
|
|
const escapedToken = JSON.stringify(token).slice(1, -1);
|
|
writeFileSync(TARGET, content.replaceAll(PLACEHOLDER, escapedToken), "utf8");
|
|
} else if (action === "restore") {
|
|
if (existsSync(BACKUP)) {
|
|
if (existsSync(TARGET)) {
|
|
unlinkSync(TARGET);
|
|
}
|
|
renameSync(BACKUP, TARGET);
|
|
}
|
|
} else {
|
|
console.error("Usage: node scripts/spacetime-token.mjs <inject|restore>");
|
|
process.exit(1);
|
|
}
|