Load GitHub OAuth client id from API when VITE var is unset.

Adds /api/oauth-config so production only needs GITHUB_CLIENT_ID on the
server; browser fetches the public client id at submit time.

Co-authored-by: Cursor <cursoragent@cursor.com>
This commit is contained in:
Jeremy McSpadden
2026-05-25 12:04:57 -05:00
parent f5cf4fce9b
commit dc5a44d295
3 changed files with 30 additions and 5 deletions
+1
View File
@@ -13,6 +13,7 @@ src-tauri/gen/
.env
.env.local
.env.*.local
.env.vercel.*
# Logs
*.log
+10
View File
@@ -0,0 +1,10 @@
// GSD Pi Config - public OAuth client id for browser (Vercel serverless)
// Copyright (c) 2026 Jeremy McSpadden <jeremy@fluxlabs.net>
import type { VercelRequest, VercelResponse } from "@vercel/node";
export default function handler(_req: VercelRequest, res: VercelResponse) {
const clientId = process.env.GITHUB_CLIENT_ID ?? "";
res.setHeader("Cache-Control", "public, max-age=300");
res.status(200).json({ clientId, configured: Boolean(clientId) });
}
+19 -5
View File
@@ -13,8 +13,21 @@ import { readWebDraftMeta } from "../platform/web";
import type { GSDPreferences } from "../types";
import { btn, btnPrimary, heading, modalPanel, prose } from "../lib/uiClasses";
const GITHUB_CLIENT_ID = import.meta.env.VITE_GITHUB_CLIENT_ID ?? "";
const BUILD_TIME_CLIENT_ID = import.meta.env.VITE_GITHUB_CLIENT_ID ?? "";
const SUBMIT_API_URL = import.meta.env.VITE_SUBMIT_PRESET_API_URL ?? "/api/submit-preset";
const OAUTH_CONFIG_URL = "/api/oauth-config";
async function resolveGitHubClientId(): Promise<string> {
if (BUILD_TIME_CLIENT_ID) return BUILD_TIME_CLIENT_ID;
try {
const res = await fetch(OAUTH_CONFIG_URL);
if (!res.ok) return "";
const data = (await res.json()) as { clientId?: string };
return data.clientId ?? "";
} catch {
return "";
}
}
interface SubmitPresetModalProps {
open: boolean;
@@ -55,8 +68,9 @@ export function SubmitPresetModal({ open, prefs, onClose }: SubmitPresetModalPro
if (!open) return null;
const startOAuth = () => {
if (!GITHUB_CLIENT_ID) {
const startOAuth = async () => {
const githubClientId = await resolveGitHubClientId();
if (!githubClientId) {
setError("GitHub OAuth is not configured. Use the manual PR link below.");
return;
}
@@ -80,7 +94,7 @@ export function SubmitPresetModal({ open, prefs, onClose }: SubmitPresetModalPro
}),
);
const params = new URLSearchParams({
client_id: GITHUB_CLIENT_ID,
client_id: githubClientId,
redirect_uri: redirect,
scope: "public_repo",
state,
@@ -161,7 +175,7 @@ export function SubmitPresetModal({ open, prefs, onClose }: SubmitPresetModalPro
<button
type="button"
disabled={busy}
onClick={() => startOAuth()}
onClick={() => void startOAuth()}
className={btnPrimary}
>
{busy ? "Submitting…" : "Sign in with GitHub"}