Conversation

@paprikaf
Collaborator

@paprikaf paprikaf commented Dec 10, 2025

Screenshot 2025-12-16 at 11 22 22 AM

@github-actions

github-actions bot commented Dec 10, 2025

🚀 Preview Deployment

Environment URL
Preview https://131-pr.crate.audio
Fallback https://crate-app-pr-131.govi218mu.workers.dev

Commit: cce2b19
Updated: 2025-12-17T20:21:41.649Z

This preview will be automatically deleted when the PR is closed.

@paprikaf paprikaf requested a review from govi218 December 10, 2025 13:33
@paprikaf paprikaf marked this pull request as draft December 13, 2025 00:56
@paprikaf paprikaf marked this pull request as ready for review December 13, 2025 05:02
- Update server-side Discogs routes to use process.env instead of import.meta.env
- Add fallback to VITE_DISCOGS_* for local development compatibility
- Use explicit wrangler secret put commands in all deployment workflows
- This fixes 401/500 errors on preview, staging, and production deployments

The correct way to access Cloudflare Worker secrets/bindings is via
the `env` object from `cloudflare:workers` module, not `process.env`.

Adds TypeScript type declarations for the cloudflare:workers module
which provides access to Worker bindings (secrets, vars, etc.)

- Add preview URL pattern (XXX-pr.crate.audio) to ALLOWED_ORIGINS
- Revert from cloudflare:workers env to process.env (works with nodejs_compat)
- Remove cloudflare:workers import from all Discogs API files

The 500 error was caused by preview URLs not being in the allowed origins list.

The separate "Set Worker Secrets" steps were not working - secrets were
not being set on the Workers. Using the built-in secrets parameter in
wrangler-action which handles this properly.

Maps GitHub secrets VITE_DISCOGS_CONSUMER_KEY and VITE_DISCOGS_CONSUMER_SECRET
to DISCOGS_CONSUMER_KEY and DISCOGS_CONSUMER_SECRET for the Worker.

The wrangler-action secrets parameter doesn't pass the --name flag,
so secrets were being set on the default worker instead of the
PR-specific worker. Using postCommands to explicitly run wrangler
secret put with the correct --name flag.

All API routes and the discogs lib now use the official Cloudflare way
to access secrets: import { env } from 'cloudflare:workers'

- cloudflare:workers bindings are empty in local dev
- Added fallback to process.env for Discogs credentials
- Created .dev.vars for local secrets (wrangler/miniflare)
- Added .dev.vars to .gitignore

Works in both environments:
- Local dev: uses .dev.vars via miniflare
- Production: uses cloudflare:workers bindings

- Created lib/config/env.ts for centralized env variable access
- Created lib/config/discogs.ts for SDK factory
- Updated all API routes to use createDiscogsSDK()
- Removed duplicate 8-line fallback logic from 5 files
- Added proper TypeScript types for env variables

Benefits:
- DRY: env logic in ONE place
- Type-safe: CloudflareEnv type defines available secrets
- Maintainable: adding secrets = update one file
- Testable: can mock createDiscogsSDK in tests

The user profile endpoint requires OAuth headers, not just the resource URL.
This was causing the callback to fail with HTML error pages.

Bypass SDK OAuth handler in Workers by calling Discogs oauth/request_token
and oauth/access_token directly, constructing a PLAINTEXT OAuth header with
literal '&' in oauth_signature.

Keeps discogs-sdk for normal API calls (identity/profile, collection, search).

Discogs/Workers parsing appears sensitive to raw '&' inside oauth_signature.
Encode the PLAINTEXT signature value so '&' becomes '%26' in the header.
Also keep safe debug flags in request-token failures.

Avoid Authorization header parsing/mutation in Workers by sending OAuth 1.0a
params as application/x-www-form-urlencoded POST body for request_token and
access_token endpoints.
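
The last commit messages above describe sending OAuth 1.0a PLAINTEXT parameters with the signature's '&' encoded as '%26', either in the Authorization header or as a form-encoded POST body. A sketch of that construction, added here as an example and not code from this pull request; every function and field name is hypothetical, and the https check is an added safeguard because PLAINTEXT transmits the consumer secret itself.

```typescript
// Added example; every name below is hypothetical, none is from the PR.
interface OAuthInput {
  endpoint: string; // token endpoint URL, must be https
  consumerKey: string;
  consumerSecret: string;
  nonce: string; // fresh random value per request, supplied by the caller
  timestamp: number; // seconds since the epoch
  callback?: string; // request_token step
  token?: string; // access_token step
  tokenSecret?: string;
  verifier?: string;
}

// RFC 3986 encoding: encodeURIComponent leaves !*'() unescaped.
function pctEncode(value: string): string {
  return encodeURIComponent(value)
    .replace(/[!*'()]/g, (c) => "%" + c.charCodeAt(0).toString(16).toUpperCase());
}

// PLAINTEXT signature (RFC 5849, section 3.4.4): encoded consumer secret,
// a literal '&', then the encoded token secret (empty before a token exists).
function plaintextSignature(consumerSecret: string, tokenSecret = ""): string {
  return pctEncode(consumerSecret) + "&" + pctEncode(tokenSecret);
}

function oauthParams(i: OAuthInput): [string, string][] {
  // PLAINTEXT sends the secret itself, so refuse anything but TLS.
  if (!/^https:\/\//.test(i.endpoint)) throw new Error("PLAINTEXT OAuth needs https");
  const p: [string, string][] = [
    ["oauth_consumer_key", i.consumerKey],
    ["oauth_nonce", i.nonce],
    ["oauth_signature_method", "PLAINTEXT"],
    ["oauth_timestamp", String(i.timestamp)],
    ["oauth_signature", plaintextSignature(i.consumerSecret, i.tokenSecret)],
  ];
  if (i.callback) p.push(["oauth_callback", i.callback]);
  if (i.token) p.push(["oauth_token", i.token]);
  if (i.verifier) p.push(["oauth_verifier", i.verifier]);
  return p;
}

// Form body: each value is encoded, so the signature's '&' travels as %26.
function formBody(i: OAuthInput): string {
  return oauthParams(i).map(([k, v]) => `${k}=${pctEncode(v)}`).join("&");
}

// Authorization header form of the same parameters.
function authHeader(i: OAuthInput): string {
  return "OAuth " + oauthParams(i).map(([k, v]) => `${k}="${pctEncode(v)}"`).join(", ");
}
```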
@govi218 govi218 force-pushed the paprika/fix-discogs-deployement branch from f9fae29 to 7a1f77c Compare December 17, 2025 17:33
@netlify

netlify bot commented Dec 30, 2025

Deploy Preview for crate-audio ready!

Name Link
🔨 Latest commit 7b987a4
🔍 Latest deploy log https://app.netlify.com/projects/crate-audio/deploys/695c5005b7324a000872f2c5
😎 Deploy Preview https://deploy-preview-131--crate-audio.netlify.app

@govi218 govi218 force-pushed the paprika/fix-discogs-deployement branch 2 times, most recently from 6b1720d to e19d25d Compare December 30, 2025 07:19
@govi218 govi218 force-pushed the paprika/fix-discogs-deployement branch 3 times, most recently from e86933f to 65c9f7b Compare January 5, 2026 22:14
@govi218 govi218 force-pushed the paprika/fix-discogs-deployement branch from 65c9f7b to c276f33 Compare January 5, 2026 22:16
@govi218 govi218 force-pushed the paprika/fix-discogs-deployement branch from 314c8b3 to 095d096 Compare January 5, 2026 23:44