fix: siwn csrf config

2025-11-15 15:48:56 -05:00 · 2025-07-23 19:23:03 -07:00 · 2025-07-23 19:23:03 -07:00 · ea7ee37e71
commit ea7ee37e71
parent feb9f3e161
5 changed files with 11 additions and 13 deletions
--- a/.env.example
+++ b/.env.example
@ -4,8 +4,3 @@ KV_REST_API_TOKEN=''
 KV_REST_API_URL=''
 NEXT_PUBLIC_URL='http://localhost:3000'
 NEXTAUTH_URL='http://localhost:3000'
-
-NEXTAUTH_SECRET=""
-NEYNAR_API_KEY=""
-NEYNAR_CLIENT_ID=""
-USE_TUNNEL="false"
--- a/bin/init.js
+++ b/bin/init.js
@ -693,6 +693,7 @@ export async function init(projectName = null, autoAcceptDefaults = false, apiKe
      );
    }
    if (answers.seedPhrase) {
+      console.log('✅ Writing SEED_PHRASE and NEXTAUTH_SECRET to .env.local');
      fs.appendFileSync(envPath, `\nSEED_PHRASE="${answers.seedPhrase}"`);
      // Add NextAuth secret for SIWN
      fs.appendFileSync(
--- a/package.json
+++ b/package.json
@ -1,6 +1,6 @@
 {
  "name": "@neynar/create-farcaster-mini-app",
-  "version": "1.8.1",
+  "version": "1.8.2",
  "type": "module",
  "private": false,
  "access": "public",
--- a/src/auth.ts
+++ b/src/auth.ts
@ -274,7 +274,7 @@ export const authOptions: AuthOptions = {
              ? `https://${process.env.VERCEL_PROJECT_PRODUCTION_URL}`
              : process.env.VERCEL_URL
                ? `https://${process.env.VERCEL_URL}`
-                : `http://localhost:${process.env.PORT ?? 3000}`;
+                : process.env.NEXTAUTH_URL || `http://localhost:${process.env.PORT ?? 3000}`;

          const domain = getDomainFromUrl(baseUrl);

@ -339,26 +339,26 @@ export const authOptions: AuthOptions = {
      name: `next-auth.session-token`,
      options: {
        httpOnly: true,
-        sameSite: 'none',
+        sameSite: process.env.NODE_ENV === 'production' ? 'none' : 'lax',
        path: '/',
-        secure: true,
+        secure: process.env.NODE_ENV === 'production',
      },
    },
    callbackUrl: {
      name: `next-auth.callback-url`,
      options: {
-        sameSite: 'none',
+        sameSite: process.env.NODE_ENV === 'production' ? 'none' : 'lax',
        path: '/',
-        secure: true,
+        secure: process.env.NODE_ENV === 'production',
      },
    },
    csrfToken: {
      name: `next-auth.csrf-token`,
      options: {
        httpOnly: true,
-        sameSite: 'none',
+        sameSite: process.env.NODE_ENV === 'production' ? 'none' : 'lax',
        path: '/',
-        secure: true,
+        secure: process.env.NODE_ENV === 'production',
      },
    },
  },
--- a/src/components/ui/NeynarAuthButton/index.tsx
+++ b/src/components/ui/NeynarAuthButton/index.tsx
@ -569,6 +569,8 @@ export function NeynarAuthButton() {
      } else {
        console.error('❌ Backend sign-in error:', e);
      }
+    } finally {
+      setSignersLoading(false);
    }
  }, [nonce]);