mirror of
https://github.com/tiennm99/llmapikey.git
synced 2026-07-13 21:07:00 +00:00
02fa52ccf9
- Next.js 15 App Router (JS+JSDoc): landing, auth-gated dashboard, docs - GitHub OAuth via Supabase; identity anchored on numeric provider_id - key provisioning: reserve-then-mint-persist-compensate, one key per account - api_keys in unexposed llmapikey schema via direct Postgres; RLS deny-all - live minting gated behind PROVISIONING_ENABLED; Vercel auto-deploy disabled - unit tests (mask, request-body), RLS deny-all test, reconcile script
52 lines
1.6 KiB
JavaScript
52 lines
1.6 KiB
JavaScript
import "server-only";
|
|
|
|
import { createServerClient } from "@supabase/ssr";
|
|
import { cookies } from "next/headers";
|
|
|
|
/**
|
|
* Cookie-based Supabase client (anon key) for reading/refreshing the auth
|
|
* session on the server. Use this to know WHO the request is (Phase 3 identity),
|
|
* never to touch `api_keys` — that table lives in the unexposed `llmapikey`
|
|
* schema and is reached only via the direct Postgres client (lib/db).
|
|
*
|
|
* In Server Components cookie writes throw; we swallow that — session refresh
|
|
* still works in route handlers / server actions where writes are allowed.
|
|
*
|
|
* @returns {Promise<import('@supabase/supabase-js').SupabaseClient>}
|
|
*/
|
|
export async function createServerAuthClient() {
|
|
const url = requireEnv("NEXT_PUBLIC_SUPABASE_URL");
|
|
const anonKey = requireEnv("NEXT_PUBLIC_SUPABASE_ANON_KEY");
|
|
const cookieStore = await cookies();
|
|
|
|
return createServerClient(url, anonKey, {
|
|
cookies: {
|
|
getAll() {
|
|
return cookieStore.getAll();
|
|
},
|
|
setAll(cookiesToSet) {
|
|
try {
|
|
for (const { name, value, options } of cookiesToSet) {
|
|
cookieStore.set(name, value, options);
|
|
}
|
|
} catch {
|
|
// Called from a Server Component — cookies are read-only here.
|
|
// Safe to ignore: middleware/route handlers refresh the session.
|
|
}
|
|
},
|
|
},
|
|
});
|
|
}
|
|
|
|
/**
|
|
* @param {string} name
|
|
* @returns {string}
|
|
*/
|
|
function requireEnv(name) {
|
|
const value = process.env[name];
|
|
if (!value) {
|
|
throw new Error(`Missing required environment variable: ${name}`);
|
|
}
|
|
return value;
|
|
}
|