fix
All checks were successful
Build and Push Container Image / build-and-push (push) Successful in 5m6s

This commit is contained in:
2026-05-26 18:04:15 +02:00
parent 8e02f673ca
commit 921560d14d
4 changed files with 59 additions and 54 deletions

View File

@@ -60,16 +60,31 @@ spec:
secretKeyRef: secretKeyRef:
name: taskarr-app name: taskarr-app
key: BETTER_AUTH_SECRET key: BETTER_AUTH_SECRET
- name: GITEA_CLIENT_SECRET - name: GITHUB_CLIENT_SECRET
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: taskarr-app name: taskarr-app
key: GITEA_CLIENT_SECRET key: GITHUB_CLIENT_SECRET
- name: GITEA_CLIENT_ID - name: GITHUB_CLIENT_ID
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: taskarr-app name: taskarr-app
key: GITEA_CLIENT_ID key: GITHUB_CLIENT_ID
- name: GITHUB_APP_ID
valueFrom:
secretKeyRef:
name: taskarr-app
key: GITHUB_APP_ID
- name: GITHUB_APP_SLUG
valueFrom:
secretKeyRef:
name: taskarr-app
key: GITHUB_APP_SLUG
- name: GITHUB_APP_PRIVATE_KEY
valueFrom:
secretKeyRef:
name: taskarr-app
key: GITHUB_APP_PRIVATE_KEY
restartPolicy: Always restartPolicy: Always
--- ---

View File

@@ -5,23 +5,35 @@ import { env } from '$env/dynamic/private';
import { getRequestEvent } from '$app/server'; import { getRequestEvent } from '$app/server';
import { db } from '$lib/server/db'; import { db } from '$lib/server/db';
if (!env.ORIGIN) throw new Error('ORIGIN is not set'); function createAuth() {
if (!env.BETTER_AUTH_SECRET) throw new Error('BETTER_AUTH_SECRET is not set'); const origin = env.ORIGIN;
if (!env.GITHUB_CLIENT_ID) throw new Error('GITHUB_CLIENT_ID is not set'); if (!origin) throw new Error('ORIGIN is not set');
if (!env.GITHUB_CLIENT_SECRET) throw new Error('GITHUB_CLIENT_SECRET is not set'); const secret = env.BETTER_AUTH_SECRET;
if (!secret) throw new Error('BETTER_AUTH_SECRET is not set');
const clientId = env.GITHUB_CLIENT_ID;
if (!clientId) throw new Error('GITHUB_CLIENT_ID is not set');
const clientSecret = env.GITHUB_CLIENT_SECRET;
if (!clientSecret) throw new Error('GITHUB_CLIENT_SECRET is not set');
export const auth = betterAuth({ return betterAuth({
baseURL: env.ORIGIN, baseURL: origin,
secret: env.BETTER_AUTH_SECRET, secret,
database: drizzleAdapter(db, { provider: 'pg' }), database: drizzleAdapter(db, { provider: 'pg' }),
emailAndPassword: { enabled: true }, emailAndPassword: { enabled: true },
socialProviders: { socialProviders: {
github: { github: { clientId, clientSecret }
clientId: env.GITHUB_CLIENT_ID,
clientSecret: env.GITHUB_CLIENT_SECRET
}
}, },
plugins: [ plugins: [
sveltekitCookies(getRequestEvent) // make sure this is the last plugin in the array sveltekitCookies(getRequestEvent)
] ]
}); });
}
let _auth: ReturnType<typeof betterAuth>;
export const auth = new Proxy({} as ReturnType<typeof betterAuth>, {
get(target, prop) {
if (!_auth) _auth = createAuth();
return Reflect.get(_auth, prop, target);
}
});

View File

@@ -2,7 +2,4 @@ import { drizzle } from 'drizzle-orm/node-postgres';
import * as schema from './schema'; import * as schema from './schema';
import { env } from '$env/dynamic/private'; import { env } from '$env/dynamic/private';
if (!env.DATABASE_URL) throw new Error('DATABASE_URL is not set');
export const db = drizzle(env.DATABASE_URL, { schema }); export const db = drizzle(env.DATABASE_URL, { schema });

View File

@@ -14,25 +14,6 @@ type InstallState = {
userId: string; userId: string;
}; };
function requireEnv(name: string) {
switch (name) {
case 'GITHUB_APP_ID':
if (!env.GITHUB_APP_ID) throw new Error('GITHUB_APP_ID is not set');
return env.GITHUB_APP_ID;
case 'GITHUB_APP_SLUG':
if (!env.GITHUB_APP_SLUG) throw new Error('GITHUB_APP_SLUG is not set');
return env.GITHUB_APP_SLUG;
case 'GITHUB_APP_PRIVATE_KEY':
if (!env.GITHUB_APP_PRIVATE_KEY) throw new Error('GITHUB_APP_PRIVATE_KEY is not set');
return env.GITHUB_APP_PRIVATE_KEY;
case 'BETTER_AUTH_SECRET':
if (!env.BETTER_AUTH_SECRET) throw new Error('BETTER_AUTH_SECRET is not set');
return env.BETTER_AUTH_SECRET;
default:
throw new Error(`${name} is not supported`);
}
}
export function hasGitHubAppPrivateKey() { export function hasGitHubAppPrivateKey() {
return Boolean(env.GITHUB_APP_PRIVATE_KEY); return Boolean(env.GITHUB_APP_PRIVATE_KEY);
} }
@@ -64,32 +45,32 @@ function verifyState(state: string, secret: string) {
} }
export function getGitHubInstallUrl(input: { redirect?: string; userId: string }) { export function getGitHubInstallUrl(input: { redirect?: string; userId: string }) {
const slug = requireEnv('GITHUB_APP_SLUG'); if (!env.GITHUB_APP_SLUG) throw new Error('GITHUB_APP_SLUG is not set');
const secret = requireEnv('BETTER_AUTH_SECRET'); if (!env.BETTER_AUTH_SECRET) throw new Error('BETTER_AUTH_SECRET is not set');
const redirect = input.redirect ?? '/integrations'; const redirect = input.redirect ?? '/integrations';
const base = new URL(`https://github.com/apps/${slug}/installations/new`); const base = new URL(`https://github.com/apps/${env.GITHUB_APP_SLUG}/installations/new`);
base.searchParams.set('state', signState({ redirect, userId: input.userId }, secret)); base.searchParams.set('state', signState({ redirect, userId: input.userId }, env.BETTER_AUTH_SECRET));
return base.toString(); return base.toString();
} }
export function decodeInstallState(state?: string) { export function decodeInstallState(state?: string) {
if (!state) return { redirect: '/integrations' }; if (!state) return { redirect: '/integrations' };
const secret = requireEnv('BETTER_AUTH_SECRET'); if (!env.BETTER_AUTH_SECRET) throw new Error('BETTER_AUTH_SECRET is not set');
const parsed = verifyState(state, secret); const parsed = verifyState(state, env.BETTER_AUTH_SECRET);
if (!parsed) return { redirect: '/integrations' }; if (!parsed) return { redirect: '/integrations' };
return { redirect: parsed.redirect || '/integrations', userId: parsed.userId }; return { redirect: parsed.redirect || '/integrations', userId: parsed.userId };
} }
function createGitHubAppJwt() { function createGitHubAppJwt() {
const appId = requireEnv('GITHUB_APP_ID'); if (!env.GITHUB_APP_ID) throw new Error('GITHUB_APP_ID is not set');
const privateKey = requireEnv('GITHUB_APP_PRIVATE_KEY'); if (!env.GITHUB_APP_PRIVATE_KEY) throw new Error('GITHUB_APP_PRIVATE_KEY is not set');
const now = Math.floor(Date.now() / 1000); const now = Math.floor(Date.now() / 1000);
const header = base64urlJson({ alg: 'RS256', typ: 'JWT' }); const header = base64urlJson({ alg: 'RS256', typ: 'JWT' });
const payload = base64urlJson({ iat: now - 60, exp: now + 9 * 60, iss: appId }); const payload = base64urlJson({ iat: now - 60, exp: now + 9 * 60, iss: env.GITHUB_APP_ID });
const signer = createSign('RSA-SHA256'); const signer = createSign('RSA-SHA256');
signer.update(`${header}.${payload}`); signer.update(`${header}.${payload}`);
signer.end(); signer.end();
const key = createPrivateKey(normalizePrivateKey(privateKey)); const key = createPrivateKey(normalizePrivateKey(env.GITHUB_APP_PRIVATE_KEY));
const signature = signer.sign(key, 'base64url'); const signature = signer.sign(key, 'base64url');
return `${header}.${payload}.${signature}`; return `${header}.${payload}.${signature}`;
} }