refactor(frontend): share Clerk publishable-key heuristic across client+server
This commit is contained in:
Ishan (OpenClaw)
@@ -17,26 +17,14 @@ import {
|
||||
|
||||
import type { ComponentProps } from "react";
|
||||
|
||||
export function isValidClerkPublishableKey(key: string | undefined): key is string {
|
||||
if (!key) return false;
|
||||
// Clerk publishable keys look like: pk_test_... or pk_live_...
|
||||
// In CI we want builds to stay secretless; if the key isn't present/valid,
|
||||
// we skip Clerk entirely so `next build` can prerender.
|
||||
//
|
||||
// Note: Clerk appears to validate key *contents*, not just shape. We therefore
|
||||
// use a conservative heuristic to avoid treating obvious placeholders as valid.
|
||||
const m = /^pk_(test|live)_([A-Za-z0-9]+)$/.exec(key);
|
||||
if (!m) return false;
|
||||
const body = m[2];
|
||||
if (body.length < 16) return false;
|
||||
if (/^0+$/.test(body)) return false;
|
||||
return true;
|
||||
}
|
||||
import { isLikelyValidClerkPublishableKey } from "@/auth/clerkKey";
|
||||
|
||||
export function isClerkEnabled(): boolean {
|
||||
// IMPORTANT: keep this in sync with AuthProvider; otherwise components like
|
||||
// <SignedOut/> may render without a <ClerkProvider/> and crash during prerender.
|
||||
return isValidClerkPublishableKey(process.env.NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY);
|
||||
return isLikelyValidClerkPublishableKey(
|
||||
process.env.NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY,
|
||||
);
|
||||
}
|
||||
|
||||
export function SignedIn(props: { children: ReactNode }) {
|
||||
|
||||
22
frontend/src/auth/clerkKey.ts
Normal file
22
frontend/src/auth/clerkKey.ts
Normal file
@@ -0,0 +1,22 @@
|
||||
// Shared Clerk publishable-key gating logic.
|
||||
//
|
||||
// IMPORTANT: keep this file dependency-free (no `"use client"`, no React, no Clerk imports)
|
||||
// so it can be used from both client and server/edge entrypoints.
|
||||
|
||||
export function isLikelyValidClerkPublishableKey(key: string | undefined): key is string {
|
||||
if (!key) return false;
|
||||
|
||||
// Clerk publishable keys look like: pk_test_... or pk_live_...
|
||||
// In CI we want builds to stay secretless; if the key isn't present/valid,
|
||||
// we skip Clerk entirely so `next build` can prerender.
|
||||
//
|
||||
// Note: this is a conservative heuristic (not an authoritative validation).
|
||||
const m = /^pk_(test|live)_([A-Za-z0-9]+)$/.exec(key);
|
||||
if (!m) return false;
|
||||
|
||||
const body = m[2];
|
||||
if (body.length < 16) return false;
|
||||
if (/^0+$/.test(body)) return false;
|
||||
|
||||
return true;
|
||||
}
|
||||
@@ -3,12 +3,12 @@
|
||||
import { ClerkProvider } from "@clerk/nextjs";
|
||||
import type { ReactNode } from "react";
|
||||
|
||||
import { isValidClerkPublishableKey } from "@/auth/clerk";
|
||||
import { isLikelyValidClerkPublishableKey } from "@/auth/clerkKey";
|
||||
|
||||
export function AuthProvider({ children }: { children: ReactNode }) {
|
||||
const publishableKey = process.env.NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY;
|
||||
|
||||
if (!isValidClerkPublishableKey(publishableKey)) {
|
||||
if (!isLikelyValidClerkPublishableKey(publishableKey)) {
|
||||
return <>{children}</>;
|
||||
}
|
||||
|
||||
|
||||
@@ -1,7 +1,10 @@
|
||||
import { NextResponse } from "next/server";
|
||||
import { clerkMiddleware } from "@clerk/nextjs/server";
|
||||
|
||||
const isClerkEnabled = () => Boolean(process.env.NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY);
|
||||
import { isLikelyValidClerkPublishableKey } from "@/auth/clerkKey";
|
||||
|
||||
const isClerkEnabled = () =>
|
||||
isLikelyValidClerkPublishableKey(process.env.NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY);
|
||||
|
||||
export default isClerkEnabled() ? clerkMiddleware() : () => NextResponse.next();
|
||||
|
||||
|
||||
Reference in New Issue
Block a user