feat(#836)!: unification and flexibility with AUTH_ORIGIN (#837)

* feat!: unification and flexibility with `AUTH_ORIGIN`

* docs: using `AUTH_ORIGIN`

* chore: rebuild with pnpm@6

* fix: extracting a variable from ENV

* docs: update `originEnvKey` type description

Co-authored-by: Marsel Shayhin <18054980+phoenix-ru@users.noreply.github.com>

* fix: install scule after resolve conflicts

* Update docs/guide/application-side/configuration.md

Co-authored-by: Marsel Shayhin <18054980+phoenix-ru@users.noreply.github.com>

* fix: broken lock after resolve conflict

* Update src/runtime/server/services/utils.ts

Co-authored-by: Marsel Shayhin <18054980+phoenix-ru@users.noreply.github.com>

* fix: typecheck

* Update docs/resources/error-reference.md

Co-authored-by: Zoey <zoeykaiser8@gmail.com>

---------

Co-authored-by: Marsel Shayhin <18054980+phoenix-ru@users.noreply.github.com>
Co-authored-by: Zoey <zoeykaiser8@gmail.com>

Author: 3 people

docs/guide/advanced/deployment/self-hosted.md

@@ -6,7 +6,7 @@ This guide will explain how you can self-host a Nuxt3 application running NuxtAu
 
 When deploying the Auth.JS provider, the application must be informed what URL it is running at. This is to properly determine callback urls when navigating users to external OAuth providers. Depending on your setup, NuxtAuth allows you to set this value at either [**Runtime**](https://nuxt.com/docs/guide/going-further/hooks#app-hooks-runtime) or [**Buildtime**](https://nuxt.com/docs/guide/going-further/hooks#nuxt-hooks-build-time).
 
-- **Runtime:** Set the `AUTH_ORIGIN` environment variable.
+- **Runtime:** Set the `NUXT_AUTH_ORIGIN` environment variable.
 - **Buildtime:** Set the `baseURL`-config key inside the `nuxt.config.ts`
 
 The origin consists out of:
@@ -15,17 +15,17 @@ The origin consists out of:
 - **host:** e.g., localhost, example.org, google.com
 - **port:** empty (implies `:80` for http and `:443` for https), :3000, :8888
 
-An example of the `AUTH_ORIGIN` would be: `https://my-awesome-app.com`
+An example of the `NUXT_AUTH_ORIGIN` would be: `https://my-awesome-app.com`
 
 :::info Origin Order
 When [attempting to determine the server origin](https://github.com/sidebase/nuxt-auth/blob/main/src/runtime/server/services/utils.ts#L11), NuxtAuth checks the available options in the following order:
-- **Prio 1**: Using `AUTH_ORIGIN`
+- **Prio 1**: Using `NUXT_AUTH_ORIGIN`
 - **Prio 2**: Using `baseURL`-config key from inside the `nuxt.config.ts`
 - **Prio 3**: Infer the origin _(Only in development)_
 :::
 
 :::tip
-We recommend setting the `AUTH_ORIGIN` during runtime and leaving the `baseURL`-config key empty, to avoid using a potentially incorrect ORIGIN. 
+We recommend setting the `NUXT_AUTH_ORIGIN` during runtime and leaving the `baseURL`-config key empty, to avoid using a potentially incorrect ORIGIN. 
 :::
 
 In addition to verifying that the origin is correctly set, also ensure that you have a secure [`secret` set in the NuxtAuthHandler](/guide/authjs/nuxt-auth-handler#secret).

docs/guide/application-side/configuration.md

@@ -8,6 +8,7 @@ export default defineNuxtConfig({
     auth: { 
         isEnabled: true,
         disableServerSideAuth: false,
+        originEnvKey: 'AUTH_ORIGIN',
         baseURL: 'http://localhost:3000/api/auth',
         provider: { /* your provider config */ },
         sessionRefresh: {
@@ -25,6 +26,13 @@ export default defineNuxtConfig({
 
 Whether the module is enabled at all
 
+## `originEnvKey`
+
+- **Type**: `string`
+- **Default**: `AUTH_ORIGIN`
+
+The name of the environment variable that holds the origin of the application. This is used to determine the origin of your application in production. Read more [here](/resources/error-reference#auth-no-origin).
+
 ## `disableServerSideAuth`
 
 - **Type**: `boolean`

docs/resources/error-reference.md

@@ -21,8 +21,18 @@ export default NuxtAuthHandler({
 
 `AUTH_NO_ORIGIN` will appear as a warning message during development and be thrown as an error that stops the application during production. It is safe to ignore the development warning - it is only meant as a heads-up for your later production-deployment. `AUTH_NO_ORIGIN` occurs when the origin of your application was not set. NuxtAuth tries to find the origin of your application in the following order:
 
-1. Use the `AUTH_ORIGIN` environment variable if it is set,
+1. Use the `NUXT_AUTH_ORIGIN` environment variable if it is set
 2. Development only: Determine the origin automatically from the incoming HTTP request
 
-
 The `origin` is important for callbacks that happen to a specific origin for `oauth` flows. Note that in order for (2) to work the `origin` already has to be set at build-time, i.e., when you run `npm run build` or `npm run generate` and it will lead to the `origin` being inside your app-bundle.
+
+```ts
+// file: nuxt.config.ts
+export default defineNuxtConfig({
+  runtimeConfig: {
+    authOrigin: 'https://example.org', // You can either set a default or leave it empty
+  }
+
+  // ... rest of your config
+})
+```

package.json

@@ -38,6 +38,7 @@
     "knitwork": "^1.1.0",
     "nitropack": "^2.9.7",
     "requrl": "^3.0.2",
+    "scule": "^1.3.0",
     "ufo": "^1.5.4"
   },
   "peerDependencies": {

pnpm-lock.yaml

@@ -27,6 +27,7 @@ import type {
 const topLevelDefaults = {
   isEnabled: true,
   disableServerSideAuth: false,
+  originEnvKey: 'AUTH_ORIGIN',
   sessionRefresh: {
     enablePeriodically: false,
     enableOnWindowFocus: true,

src/module.ts

@@ -1,6 +1,7 @@
 import { H3Event } from 'h3'
 import getURL from 'requrl'
 import { joinURL } from 'ufo'
+import { camelCase } from 'scule'
 import { isProduction } from '../../helpers'
 import { ERROR_MESSAGES } from './errors'
 import { useRuntimeConfig } from '#imports'
@@ -9,14 +10,18 @@ import { useRuntimeConfig } from '#imports'
  * Get `origin` and fallback to `x-forwarded-host` or `host` headers if not in production.
  */
 export const getServerOrigin = (event?: H3Event): string => {
+  const config = useRuntimeConfig()
+
   // Prio 1: Environment variable
-  const envOrigin = process.env.AUTH_ORIGIN
+  const envOriginKey = config.public.auth.originEnvKey!
+  const envOriginKeyCamelcase = camelCase(envOriginKey, { normalize: true })
+  const envOrigin = (config[envOriginKeyCamelcase] ?? process.env[envOriginKey]) as string | undefined
   if (envOrigin) {
     return envOrigin
   }
 
-  // Prio 2: Runtime configuration
-  const runtimeConfigOrigin = useRuntimeConfig().public.auth.computed.origin
+  // Prio 2: Computed origin
+  const runtimeConfigOrigin = config.public.auth.computed.origin
   if (runtimeConfigOrigin) {
     return runtimeConfigOrigin
   }

src/runtime/server/services/utils.ts

@@ -405,6 +405,15 @@ export interface ModuleOptions {
    * @default false
    */
   disableServerSideAuth?: boolean;
+  /**
+   * The name of the environment variable that holds the origin of the application. This is used to determine the full URL of the application in production.
+   * As an example, if you set `NUXT_AUTH_ORIGIN=http://example.org` in your `.env` file, the module will use this to determine the full URL of the application.
+   *
+   * Find more about this in the documentation: https://auth.sidebase.io/resources/error-reference#auth-no-origin
+   *
+   * @default 'AUTH_ORIGIN'
+   */
+  originEnvKey?: string
   /**
    * Full url at which the app will run combined with the path to authentication. You can set this differently depending on your selected authentication-provider:
    * - `authjs`: You must set the full URL, with origin and path in production. You can leave this empty in development