From a24f27679e5af01b0381f9f3bd7eecfdc48338b3 Mon Sep 17 00:00:00 2001
From: Pas <74743263+Pasithea0@users.noreply.github.com>
Date: Thu, 31 Jul 2025 12:31:50 -0600
Subject: [PATCH] alert if no crypto secret

also fix typo
---
 nitro.config.ts      |  2 +-
 server/utils/auth.ts | 23 +++++++++++++++++++++--
 2 files changed, 22 insertions(+), 3 deletions(-)

diff --git a/nitro.config.ts b/nitro.config.ts
index 9ea8c73..081bc84 100644
--- a/nitro.config.ts
+++ b/nitro.config.ts
@@ -31,7 +31,7 @@ export default defineNitroConfig({
     tmdbApiKey: process.env.TMDB_API_KEY,
     trakt: {
       clientId: process.env.TRAKT_CLIENT_ID,
-      clientSecret: process.env.TRAKT_CLIENT_SECRET,
+      clientSecret: process.env.TRAKT_SECRET_ID,
     },
   },
 });
diff --git a/server/utils/auth.ts b/server/utils/auth.ts
index a0250c8..fbbfead 100644
--- a/server/utils/auth.ts
+++ b/server/utils/auth.ts
@@ -55,7 +55,19 @@ export function useAuth() {
 
   const makeSessionToken = (session: { id: string }) => {
     const runtimeConfig = useRuntimeConfig();
-    return sign({ sid: session.id }, runtimeConfig.cryptoSecret, {
+    const cryptoSecret = runtimeConfig.cryptoSecret || process.env.CRYPTO_SECRET;
+    
+    if (!cryptoSecret) {
+      console.error('CRYPTO_SECRET is missing from both runtime config and environment');
+      console.error('Available runtime config keys:', Object.keys(runtimeConfig));
+      console.error('Environment variables:', {
+        CRYPTO_SECRET: process.env.CRYPTO_SECRET ? 'SET' : 'NOT SET',
+        NODE_ENV: process.env.NODE_ENV,
+      });
+      throw new Error('CRYPTO_SECRET environment variable is not set');
+    }
+    
+    return sign({ sid: session.id }, cryptoSecret, {
       algorithm: 'HS256',
     });
   };
@@ -63,7 +75,14 @@ export function useAuth() {
   const verifySessionToken = (token: string) => {
     try {
       const runtimeConfig = useRuntimeConfig();
-      const payload = verify(token, runtimeConfig.cryptoSecret, {
+      const cryptoSecret = runtimeConfig.cryptoSecret || process.env.CRYPTO_SECRET;
+      
+      if (!cryptoSecret) {
+        console.error('CRYPTO_SECRET is missing for token verification');
+        return null;
+      }
+      
+      const payload = verify(token, cryptoSecret, {
         algorithms: ['HS256'],
       });