Skip to content

Autodetect secret key from environment variable #4

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 5 commits into from
Apr 19, 2024
Merged

Autodetect secret key from environment variable #4

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
80abacd
Support auto-detection
Firehed Apr 19, 2024
2e8ca41
Test new path
Firehed Apr 19, 2024
0fe96a5
fix undefined variable
Firehed Apr 19, 2024
e8b5648
Clear env var during tearDown
Firehed Apr 19, 2024
3ae43bc
Fix line length
Firehed Apr 19, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 2 additions & 0 deletions README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -31,6 +31,8 @@ $snapAuth = new Client(secretKey: $yourSecret);
> Secret keys are specific to an environment and domain.
> We HIGHLY RECOMMEND using environment variables or another external storage mechanism.
> Avoid committing them to version control, as this can more easily lead to compromise.
>
> The SDK will auto-detect the `SNAPAUTH_SECRET_KEY` environment variable if you do not provide a value directly.

## Usage

Expand Down
18 changes: 17 additions & 1 deletion src/Client.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -43,15 +43,31 @@ class Client
{
private const DEFAULT_API_HOST = 'https://api.snapauth.app';

private string $secretKey;

public function __construct(
#[SensitiveParameter] private string $secretKey,
#[SensitiveParameter] ?string $secretKey = null,
private string $apiHost = self::DEFAULT_API_HOST,
) {
// Auto-detect if not provided
if ($secretKey === null) {
$env = getenv('SNAPAUTH_SECRET_KEY');
if ($env === false) {
throw new ApiError(
'Secret key missing. It can be explictly provided, or it ' .
'can be auto-detected from the SNAPAUTH_SECRET_KEY ' .
'environment variable.',
);
}
$secretKey = $env;
}
if (!str_starts_with($secretKey, 'secret_')) {
throw new ApiError(
'Invalid secret key. Please verify you copied the full value from the SnapAuth dashboard.',
);
}

$this->secretKey = $secretKey;
}

/**
Expand Down
23 changes: 23 additions & 0 deletions tests/ClientTest.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -19,6 +19,23 @@ public function testConstructApi(): void
self::assertInstanceOf(Client::class, $client);
}

public function testConstructSecretKeyAutodetectInvalid(): void
{
assert(getenv('SNAPAUTH_SECRET_KEY') === false);
putenv('SNAPAUTH_SECRET_KEY=invalid');
self::expectException(ApiError::class);
self::expectExceptionMessage('Invalid secret key.');
new Client();
}

public function testConstructSecretKeyAutodetectMissing(): void
{
assert(getenv('SNAPAUTH_SECRET_KEY') === false);
self::expectException(ApiError::class);
self::expectExceptionMessage('Secret key missing.');
new Client();
}

public function testSecretKeyValidation(): void
{
self::expectException(ApiError::class);
Expand All @@ -31,4 +48,10 @@ public function testKeyIsRedactedInDebugInfo(): void
$result = print_r($client, true);
self::assertStringNotContainsString('secret_abc_123', $result);
}

public function tearDown(): void
{
// Note: trailing = sets it to empty string. This actually clears it.
putenv('SNAPAUTH_SECRET_KEY');
}
}