chore: rewrite env vars cleanly

formbricks · Feb 21, 2024 · 7858d40 · 7858d40
1 parent 2752fcb
commit 7858d40
Show file tree

Hide file tree

Showing 12 changed files with 54 additions and 47 deletions.
diff --git a/.env.example b/.env.example
@@ -10,9 +10,9 @@ NEXTAUTH_URL=http://localhost:3000
 NEXTAUTH_SECRET=
 # You can use: `openssl rand -base64 32` to generate one
 
-GITHUB_CLIENT_ID=
-GITHUB_CLIENT_SECRET=
-GITHUB_ACCESS_TOKEN=
+GITHUB_APP_CLIENT_ID=
+GITHUB_APP_CLIENT_SECRET=
+GITHUB_APP_ACCESS_TOKEN=
 
 # -----------------------------------------------------------------------------
 # Database (Postgres)
@@ -31,9 +31,13 @@ SMTP_USER=smtpUser
 SMTP_PASSWORD=smtpPassword
 
 # GitHub Webhook Secret
-GITHUB_WEBHOOK_SECRET=
+GITHUB_APP_WEBHOOK_SECRET=
 
-# GitHub App Private Key [.pem] (enclose in double quotes to preserve newlines)
-GITHUB_APP_PRIVATE_KEY=[]
+# GitHub App Application ID
+GITHUB_APP_ID=
 
+# GitHub App Private Key [.pem] (enclose in double quotes to preserve newlines)
+GITHUB_APP_PRIVATE_KEY=""
 
+# GitHub App Installation URL
+GITHUB_APP_INSTALLATION_URL=
diff --git a/app/(dashboard)/client-page.tsx b/app/(dashboard)/client-page.tsx
@@ -2,9 +2,9 @@
 
 import { Button } from "@/components/ui/button";
 
-export default function ConnectGitHubAppButton() {
+export default function ConnectGitHubAppButton({ appInstallationUrl }: { appInstallationUrl: string }) {
   const handleRedirect = () => {
-    window.location.href = "https://github.com/apps/ossgg-test/installations/new";
+    window.location.href = appInstallationUrl;
   };
 
   return (

diff --git a/app/(dashboard)/layout.tsx b/app/(dashboard)/layout.tsx
@@ -2,6 +2,7 @@ import { DashboardNav } from "@/components/nav";
 import { Logo } from "@/components/ui/logo";
 import { UserAccountNav } from "@/components/user-account-nav";
 import { dashboardConfig } from "@/config/dashboard";
+import { GITHUB_APP_INSTALLATION_URL } from "@/lib/constants";
 import { getCurrentUser } from "@/lib/session";
 import { notFound } from "next/navigation";
 
@@ -39,7 +40,7 @@ export default async function DashboardLayout({ children }: DashboardLayoutProps
         </div>
         <div>
           <div className="mb-2">
-            <ConnectGitHubAppButton />
+            <ConnectGitHubAppButton appInstallationUrl={GITHUB_APP_INSTALLATION_URL} />
           </div>
           <DashboardNav items={dashboardConfig.bottomNav} />
           <p className="mb-3 ml-3 mt-5 text-xs">

diff --git a/app/(marketing)/page.tsx b/app/(marketing)/page.tsx
@@ -1,6 +1,6 @@
 import { buttonVariants } from "@/components/ui/button";
 import { siteConfig } from "@/config/site";
-import { env } from "@/env.mjs";
+import { GITHUB_APP_ACCESS_TOKEN } from "@/lib/constants";
 import { cn } from "@/lib/utils";
 import Image from "next/image";
 import Link from "next/link";
@@ -18,7 +18,7 @@ async function getGitHubStars(): Promise<string | null> {
     const response = await fetch("https://api.github.com/repos/formbricks/oss.gg", {
       headers: {
         Accept: "application/vnd.github+json",
-        Authorization: `Bearer ${env.GITHUB_ACCESS_TOKEN}`,
+        Authorization: `Bearer ${GITHUB_APP_ACCESS_TOKEN}`,
       },
       next: {
         revalidate: 60,

diff --git a/env.mjs b/env.mjs
@@ -1,36 +1,33 @@
-import { createEnv } from "@t3-oss/env-nextjs"
-import { z } from "zod"
+import { createEnv } from "@t3-oss/env-nextjs";
+import { z } from "zod";
 
 export const env = createEnv({
   server: {
     // This is optional because it's only used in development.
     // See https://next-auth.js.org/deployment.
     NEXTAUTH_URL: z.string().url().optional(),
     NEXTAUTH_SECRET: z.string().min(1),
-    GITHUB_CLIENT_ID: z.string().min(1),
-    GITHUB_CLIENT_SECRET: z.string().min(1),
-    GITHUB_ACCESS_TOKEN: z.string().min(1).optional(),
     DATABASE_URL: z.string().min(1),
     SMTP_FROM: z.string().min(1),
     SMTP_HOST: z.string().min(1),
     SMTP_PORT: z.string().min(1),
     SMTP_USER: z.string().min(1),
     SMTP_PASSWORD: z.string().min(1),
     SMTP_SECURE_ENABLED: z.enum("0", "1").optional(),
-    GITHUB_WEBHOOK_SECRET: z.string().min(1).optional(),
-    GITHUB_APP_APP_ID: z.string().min(1).optional(),
+    GITHUB_APP_ID: z.string().min(1),
+    GITHUB_APP_CLIENT_ID: z.string().min(1),
+    GITHUB_APP_CLIENT_SECRET: z.string().min(1),
+    GITHUB_APP_WEBHOOK_SECRET: z.string().min(1).optional(),
     GITHUB_APP_PRIVATE_KEY: z.string().min(1).optional(),
-    GITHUB_APP_CLIENT_ID: z.string().min(1).optional(),
+    GITHUB_APP_INSTALLATION_URL: z.string().min(1),
+    GITHUB_APP_ACCESS_TOKEN: z.string().min(1),
   },
   client: {
     NEXT_PUBLIC_APP_URL: z.string().min(1),
   },
   runtimeEnv: {
     NEXTAUTH_URL: process.env.NEXTAUTH_URL,
     NEXTAUTH_SECRET: process.env.NEXTAUTH_SECRET,
-    GITHUB_CLIENT_ID: process.env.GITHUB_CLIENT_ID,
-    GITHUB_CLIENT_SECRET: process.env.GITHUB_CLIENT_SECRET,
-    GITHUB_ACCESS_TOKEN: process.env.GITHUB_ACCESS_TOKEN,
     DATABASE_URL: process.env.DATABASE_URL,
     SMTP_FROM: process.env.SMTP_FROM,
     SMTP_HOST: process.env.SMTP_HOST,
@@ -39,9 +36,12 @@ export const env = createEnv({
     SMTP_PASSWORD: process.env.SMTP_PASSWORD,
     SMTP_SECURE_ENABLED: process.env.SMTP_SECURE_ENABLED,
     NEXT_PUBLIC_APP_URL: process.env.NEXT_PUBLIC_APP_URL,
-    GITHUB_WEBHOOK_SECRET: process.env.GITHUB_WEBHOOK_SECRET,
-    GITHUB_APP_APP_ID: process.env.GITHUB_APP_APP_ID,
-    GITHUB_APP_PRIVATE_KEY: process.env.GITHUB_APP_PRIVATE_KEY,
+    GITHUB_APP_ID: process.env.GITHUB_APP_ID,
     GITHUB_APP_CLIENT_ID: process.env.GITHUB_APP_CLIENT_ID,
+    GITHUB_APP_CLIENT_SECRET: process.env.GITHUB_APP_CLIENT_SECRET,
+    GITHUB_APP_WEBHOOK_SECRET: process.env.GITHUB_APP_WEBHOOK_SECRET,
+    GITHUB_APP_PRIVATE_KEY: process.env.GITHUB_APP_PRIVATE_KEY,
+    GITHUB_APP_INSTALLATION_URL: process.env.GITHUB_APP_INSTALLATION_URL,
+    GITHUB_APP_ACCESS_TOKEN: process.env.GITHUB_APP_ACCESS_TOKEN,
   },
-})
+});
diff --git a/lib/auth.ts b/lib/auth.ts
@@ -12,8 +12,9 @@ export const authOptions: NextAuthOptions = {
   },
   providers: [
     GitHubProvider({
-      clientId: env.GITHUB_CLIENT_ID,
-      clientSecret: env.GITHUB_CLIENT_SECRET,
+      clientId: env.GITHUB_APP_CLIENT_ID,
+      clientSecret: env.GITHUB_APP_CLIENT_SECRET,
+
     }),
   ],
   callbacks: {

diff --git a/lib/constants.ts b/lib/constants.ts
@@ -4,7 +4,7 @@ export const DEFAULT_CACHE_REVALIDATION_INTERVAL = 60 * 30; // 30 minutes
 
 export const GITHUB_CACHE_REVALIDATION_INTERVAL = 60 * 60 * 24; // 24 hours
 
-export const GITHUB_ACCESS_TOKEN = env.GITHUB_ACCESS_TOKEN;
+export const GITHUB_APP_CLIENT_SECRET = env.GITHUB_APP_CLIENT_SECRET;
 
 // Github
 export const LEVEL_LABEL = "level";
@@ -19,7 +19,10 @@ export const AWARD_POINTS_IDENTIFIER = "/award" as const;
 
 export const ON_NEW_ISSUE = "Thanks for opening an issue! It's live on oss.gg!";
 export const ON_REPO_NOT_REGISTERED = `This repository is not registered with oss.gg. Please register it at https://oss.gg.`;
-export const GITHUB_APP_APP_ID = env.GITHUB_APP_APP_ID as string;
+export const GITHUB_APP_ID = env.GITHUB_APP_ID as string;
 export const GITHUB_APP_PRIVATE_KEY = env.GITHUB_APP_PRIVATE_KEY as string;
 
-export const GITHUB_WEBHOOK_SECRET = env.GITHUB_WEBHOOK_SECRET as string;
+export const GITHUB_APP_WEBHOOK_SECRET = env.GITHUB_APP_WEBHOOK_SECRET as string;
+
+export const GITHUB_APP_INSTALLATION_URL = env.GITHUB_APP_INSTALLATION_URL as string;
+export const GITHUB_APP_ACCESS_TOKEN = env.GITHUB_APP_ACCESS_TOKEN as string;
diff --git a/lib/github/index.ts b/lib/github/index.ts
@@ -1,11 +1,11 @@
 import { Webhooks, createNodeMiddleware } from "@octokit/webhooks";
 
-import { GITHUB_WEBHOOK_SECRET } from "../constants";
+import { GITHUB_APP_WEBHOOK_SECRET } from "../constants";
 import { onInstallationCreated } from "./hooks/installation";
 import { onAssignCommented, onAwardPoints, onIssueOpened, onUnassignCommented } from "./hooks/issue";
 
 const webhooks = new Webhooks({
-  secret: GITHUB_WEBHOOK_SECRET,
+  secret: GITHUB_APP_WEBHOOK_SECRET,
 });
 
 export const webhookMiddleware = createNodeMiddleware(webhooks, {

diff --git a/lib/github/service.ts b/lib/github/service.ts
@@ -3,15 +3,15 @@ import "server-only";
 import { ZGithubApiResponseSchema } from "@/types/issue";
 import { unstable_cache } from "next/cache";
 
-import { GITHUB_ACCESS_TOKEN, GITHUB_CACHE_REVALIDATION_INTERVAL } from "../constants";
+import { GITHUB_APP_ACCESS_TOKEN, GITHUB_CACHE_REVALIDATION_INTERVAL } from "../constants";
 
 export const getMergedPullRequestsByGithubLogin = (repo: string, githubLogin: string) =>
   unstable_cache(
     async () => {
       const url = `https://api.github.com/search/issues?q=repo:${repo}+is:pull-request+is:merged+author:${githubLogin}&per_page=10&sort=created&order=desc`;
 
       const headers = {
-        Authorization: `Bearer ${GITHUB_ACCESS_TOKEN}`,
+        Authorization: `Bearer ${GITHUB_APP_ACCESS_TOKEN}`,
         Accept: "application/vnd.github.v3+json",
       };
 
@@ -20,7 +20,6 @@ export const getMergedPullRequestsByGithubLogin = (repo: string, githubLogin: st
 
       const validatedData = ZGithubApiResponseSchema.parse(data);
 
-
       // Map the GitHub API response to  issue format
       const mergedPRs = validatedData.items.map((pr) => ({
         logoHref: "https://avatars.githubusercontent.com/u/105877416?s=200&v=4",
@@ -45,7 +44,7 @@ export const getOpenPullRequestsByGithubLogin = (repo: string, githubLogin: stri
       const url = `https://api.github.com/search/issues?q=repo:${repo}+is:pull-request+is:open+author:${githubLogin}&sort=created&order=desc`;
 
       const headers = {
-        Authorization: `Bearer ${GITHUB_ACCESS_TOKEN}`,
+        Authorization: `Bearer ${GITHUB_APP_ACCESS_TOKEN}`,
         Accept: "application/vnd.github.v3+json",
       };
 
@@ -74,13 +73,13 @@ export const getOpenPullRequestsByGithubLogin = (repo: string, githubLogin: stri
     }
   )();
 
-  export const getAllOpenIssuesOfRepo = (repo: string) =>
+export const getAllOpenIssuesOfRepo = (repo: string) =>
   unstable_cache(
     async () => {
       const url = `https://api.github.com/search/issues?q=repo:${repo}+is:issue+is:open+label:"🕹️ oss.gg"&sort=created&order=desc`;
 
       const headers = {
-        Authorization: `Bearer ${GITHUB_ACCESS_TOKEN}`,
+        Authorization: `Bearer ${GITHUB_APP_ACCESS_TOKEN}`,
         Accept: "application/vnd.github.v3+json",
       };
 
@@ -107,4 +106,4 @@ export const getOpenPullRequestsByGithubLogin = (repo: string, githubLogin: stri
     {
       revalidate: GITHUB_CACHE_REVALIDATION_INTERVAL,
     }
-  )();
+  )();
diff --git a/lib/github/services/user.ts b/lib/github/services/user.ts
@@ -1,4 +1,4 @@
-import { GITHUB_APP_PRIVATE_KEY, GITHUB_WEBHOOK_SECRET } from "@/lib/constants";
+import { GITHUB_APP_PRIVATE_KEY, GITHUB_APP_WEBHOOK_SECRET } from "@/lib/constants";
 import { db } from "@/lib/db";
 import { App } from "octokit";
 
@@ -21,7 +21,7 @@ export const sendInstallationDetails = async (
       appId,
       privateKey: GITHUB_APP_PRIVATE_KEY,
       webhooks: {
-        secret: GITHUB_WEBHOOK_SECRET!,
+        secret: GITHUB_APP_WEBHOOK_SECRET!,
       },
     });
     const octokit = await app.getInstallationOctokit(installationId);

diff --git a/lib/github/utils.ts b/lib/github/utils.ts
@@ -1,7 +1,7 @@
 import { createAppAuth } from "@octokit/auth-app";
 import { Octokit } from "@octokit/rest";
 
-import { GITHUB_APP_APP_ID, GITHUB_APP_PRIVATE_KEY } from "../constants";
+import { GITHUB_APP_ID, GITHUB_APP_PRIVATE_KEY } from "../constants";
 
 
 export const getOctokitInstance = (installationId: number) => {
@@ -12,7 +12,7 @@ export const getOctokitInstance = (installationId: number) => {
   const octokit = new Octokit({
     authStrategy: createAppAuth,
     auth: {
-      appId: GITHUB_APP_APP_ID!,
+      appId: GITHUB_APP_ID!,
       privateKey:GITHUB_APP_PRIVATE_KEY!,
       installationId,
     },

diff --git a/lib/githubUser/service.ts b/lib/githubUser/service.ts
@@ -1,4 +1,4 @@
-import { GITHUB_ACCESS_TOKEN, GITHUB_CACHE_REVALIDATION_INTERVAL } from "@/lib/constants";
+import { GITHUB_APP_ACCESS_TOKEN, GITHUB_CACHE_REVALIDATION_INTERVAL } from "@/lib/constants";
 import { Octokit } from "@octokit/rest";
 import { unstable_cache } from "next/cache";
 
@@ -8,7 +8,7 @@ export const getGithubUserByLogin = (githubLogin: string) =>
   unstable_cache(
     async () => {
       try {
-        const octokit = new Octokit({ auth: `token ${GITHUB_ACCESS_TOKEN}` });
+        const octokit = new Octokit({ auth: `token ${GITHUB_APP_ACCESS_TOKEN}` });
         // Use the 'users' endpoint to get user data
         const { data } = await octokit.rest.users.getByUsername({
           username: githubLogin,
@@ -25,4 +25,3 @@ export const getGithubUserByLogin = (githubLogin: string) =>
       revalidate: GITHUB_CACHE_REVALIDATION_INTERVAL,
     }
   )();
-