fix: support AUTH_SECRET for compat with npx auth secret

balazsorban44 · balazsorban44 · commit 490a033cf039 · 2024-10-24T18:54:49.000+02:00
diff --git a/packages/next-auth/src/jwt/index.ts b/packages/next-auth/src/jwt/index.ts
@@ -80,7 +80,7 @@ export async function getToken<R extends boolean = false>(
     raw,
     decode: _decode = decode,
     logger = console,
-    secret = process.env.NEXTAUTH_SECRET,
+    secret = process.env.NEXTAUTH_SECRET ?? process.env.AUTH_SECRET,
   } = params
 
   if (!req) throw new Error("Must pass `req` to JWT getToken()")
diff --git a/packages/next-auth/src/next/index.ts b/packages/next-auth/src/next/index.ts
@@ -27,7 +27,10 @@ async function NextAuthApiHandler(
 ) {
   const { nextauth, ...query } = req.query
 
-  options.secret ??= options.jwt?.secret ?? process.env.NEXTAUTH_SECRET
+  options.secret ??=
+    options.jwt?.secret ??
+    process.env.NEXTAUTH_SECRET ??
+    process.env.AUTH_SECRET
 
   const handler = await AuthHandler({
     req: {
@@ -71,7 +74,7 @@ async function NextAuthRouteHandler(
   context: RouteHandlerContext,
   options: AuthOptions
 ) {
-  options.secret ??= process.env.NEXTAUTH_SECRET
+  options.secret ??= process.env.NEXTAUTH_SECRET ?? process.env.AUTH_SECRET
 
   // eslint-disable-next-line @typescript-eslint/no-var-requires
   const { headers, cookies } = require("next/headers")
@@ -175,7 +178,7 @@ export async function getServerSession<
   O extends GetServerSessionOptions,
   R = O["callbacks"] extends { session: (...args: any[]) => infer U }
     ? U
-    : Session,
+    : Session
 >(...args: GetServerSessionParams<O>): Promise<R | null> {
   const isRSC = args.length === 0 || args.length === 1
 
@@ -198,7 +201,7 @@ export async function getServerSession<
     options = Object.assign({}, args[2], { providers: [] })
   }
 
-  options.secret ??= process.env.NEXTAUTH_SECRET
+  options.secret ??= process.env.NEXTAUTH_SECRET ?? process.env.AUTH_SECRET
 
   const session = await AuthHandler<Session | {} | string>({
     options,
@@ -233,7 +236,7 @@ export async function unstable_getServerSession<
   O extends GetServerSessionOptions,
   R = O["callbacks"] extends { session: (...args: any[]) => infer U }
     ? U
-    : Session,
+    : Session
 >(...args: GetServerSessionParams<O>): Promise<R | null> {
   if (!deprecatedWarningShown && process.env.NODE_ENV !== "production") {
     console.warn(
@@ -250,6 +253,8 @@ declare global {
   namespace NodeJS {
     interface ProcessEnv {
       NEXTAUTH_URL?: string
+      NEXTAUTH_SECRET?: string
+      AUTH_SECRET?: string
       VERCEL?: "1"
     }
   }
diff --git a/packages/next-auth/src/next/middleware.ts b/packages/next-auth/src/next/middleware.ts
@@ -118,7 +118,8 @@ async function handleMiddleware(
     return
   }
 
-  const secret = options?.secret ?? process.env.NEXTAUTH_SECRET
+  const secret =
+    options?.secret ?? process.env.NEXTAUTH_SECRET ?? process.env.AUTH_SECRET
   if (!secret) {
     console.error(
       `[next-auth][error][NO_SECRET]`,

Original file line number	Diff line number	Diff line change
`@@ -118,7 +118,8 @@ async function handleMiddleware(`
`118`	`118`	`return`
`119`	`119`	`}`
`120`	`120`
`121`		`- const secret = options?.secret ?? process.env.NEXTAUTH_SECRET`
	`121`	`+ const secret =`
	`122`	`+ options?.secret ?? process.env.NEXTAUTH_SECRET ?? process.env.AUTH_SECRET`
`122`	`123`	`if (!secret) {`
`123`	`124`	`console.error(`
`124`	`125`	`[next-auth][error][NO_SECRET]`,