Merge pull request #1 from EveryInc/fix/cloudflare-env-vars

Fix: Access Cloudflare runtime env vars correctly

Author: whw

.vscode/extensions.json

@@ -0,0 +1,4 @@
+{
+  "recommendations": ["astro-build.astro-vscode"],
+  "unwantedRecommendations": []
+}

.vscode/launch.json

@@ -0,0 +1,11 @@
+{
+  "version": "0.2.0",
+  "configurations": [
+    {
+      "command": "./node_modules/.bin/astro dev",
+      "name": "Development server",
+      "request": "launch",
+      "type": "node-terminal"
+    }
+  ]
+}

src/pages/api/auth.ts

@@ -2,12 +2,17 @@ import type { APIRoute } from 'astro';
 
 export const prerender = false;
 
-export const POST: APIRoute = async ({ request, cookies, redirect }) => {
+export const POST: APIRoute = async ({ request, cookies, redirect, locals }) => {
+  // Access Cloudflare runtime env vars
+  const runtime = locals.runtime as { env: Record<string, string> };
+  const SUBMIT_PASSWORD = runtime?.env?.SUBMIT_PASSWORD || import.meta.env.SUBMIT_PASSWORD;
+  const SUBMIT_SECRET = runtime?.env?.SUBMIT_SECRET || import.meta.env.SUBMIT_SECRET;
+
   const formData = await request.formData();
   const password = formData.get('password');
 
-  if (password === import.meta.env.SUBMIT_PASSWORD) {
-    cookies.set('skill-submit-token', import.meta.env.SUBMIT_SECRET, {
+  if (password === SUBMIT_PASSWORD) {
+    cookies.set('skill-submit-token', SUBMIT_SECRET, {
       httpOnly: true,
       secure: true,
       sameSite: 'lax',

src/pages/api/submit.ts

@@ -3,9 +3,14 @@ import { Octokit } from '@octokit/rest';
 
 export const prerender = false;
 
-export const POST: APIRoute = async ({ request, cookies }) => {
+export const POST: APIRoute = async ({ request, cookies, locals }) => {
+  // Access Cloudflare runtime env vars
+  const runtime = locals.runtime as { env: Record<string, string> };
+  const SUBMIT_SECRET = runtime?.env?.SUBMIT_SECRET || import.meta.env.SUBMIT_SECRET;
+  const GITHUB_TOKEN = runtime?.env?.GITHUB_TOKEN || import.meta.env.GITHUB_TOKEN;
+
   // Verify auth cookie
-  if (cookies.get('skill-submit-token')?.value !== import.meta.env.SUBMIT_SECRET) {
+  if (cookies.get('skill-submit-token')?.value !== SUBMIT_SECRET) {
     return new Response(JSON.stringify({ error: 'Unauthorized' }), {
       status: 401,
       headers: { 'Content-Type': 'application/json' }
@@ -46,7 +51,7 @@ export const POST: APIRoute = async ({ request, cookies }) => {
     }
 
     // Create PR via GitHub API
-    const octokit = new Octokit({ auth: import.meta.env.GITHUB_TOKEN });
+    const octokit = new Octokit({ auth: GITHUB_TOKEN });
     const owner = 'EveryInc';
     const repo = 'everyskill';
     const branch = `skill/${name}-${Date.now()}`;

src/pages/submit.astro

@@ -3,9 +3,13 @@ import Base from '../layouts/Base.astro';
 
 export const prerender = false;
 
+// Access Cloudflare runtime env vars
+const runtime = Astro.locals.runtime as { env: Record<string, string> } | undefined;
+const SUBMIT_SECRET = runtime?.env?.SUBMIT_SECRET || import.meta.env.SUBMIT_SECRET;
+
 // Check auth cookie
 const authToken = Astro.cookies.get('skill-submit-token')?.value;
-const isAuthed = authToken === import.meta.env.SUBMIT_SECRET;
+const isAuthed = authToken === SUBMIT_SECRET;
 
 // Handle auth error from redirect
 const authError = Astro.url.searchParams.get('error');