fix: get env variable dynamically to avoid secret leakage

2026-01-28 02:17:06 +01:00
parent 4abf69844a
commit 4e33401387
10 changed files with 238 additions and 58 deletions
--- a/src/middleware.ts
+++ b/src/middleware.ts
@@ -1,5 +1,5 @@
 import type { MiddlewareHandler } from "astro";
-import { options } from "./runtime.js";
+import { getOptions } from "./runtime.js";
 import { verifyAndDecode } from "./lib/sign.js";

 function parseCookies(cookieHeader: string | null): Record<string, string> {
@@ -31,6 +31,7 @@ function isProtected(pathname: string, patterns: string[]): boolean {

 export const onRequest: MiddlewareHandler = async (context, next) => {
  const { request, locals, url } = context;
+  const options = getOptions();
  const cookieName = options.cookie.name;
  const cookies = parseCookies(request.headers.get("cookie"));
  const token = cookies[cookieName];