From d85912c4c903d935db5644e4a88559fa851160c8 Mon Sep 17 00:00:00 2001 From: null Date: Wed, 20 May 2026 03:29:15 -0500 Subject: [PATCH] fix(auth): fallback to env token in useAuth and mutator for SSR MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Local auth was using getLocalAuthToken() which only checks in-memory and sessionStorage — both unavailable during SSR. The env token (NEXT_PUBLIC_LOCAL_AUTH_TOKEN) was defined but never called in the auth flow. Now useAuth, hasLocalAuthToken, and customFetch all fall back to getEnvToken() so SSR correctly identifies the local user as signed in and admin. --- frontend/src/api/mutator.ts | 4 ++-- frontend/src/auth/clerk.tsx | 6 +++--- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/frontend/src/api/mutator.ts b/frontend/src/api/mutator.ts index 0c0037c..257eeeb 100644 --- a/frontend/src/api/mutator.ts +++ b/frontend/src/api/mutator.ts @@ -1,4 +1,4 @@ -import { getLocalAuthToken, isLocalAuthMode } from "@/auth/localAuth"; +import { getEnvToken, getLocalAuthToken, isLocalAuthMode } from "@/auth/localAuth"; import { getApiBaseUrl } from "@/lib/api-base"; type ClerkSession = { @@ -48,7 +48,7 @@ export const customFetch = async ( headers.set("Content-Type", "application/json"); } if (isLocalAuthMode() && !headers.has("Authorization")) { - const token = getLocalAuthToken(); + const token = getLocalAuthToken() ?? getEnvToken(); if (token) { headers.set("Authorization", `Bearer ${token}`); } diff --git a/frontend/src/auth/clerk.tsx b/frontend/src/auth/clerk.tsx index a6508d4..7d3343e 100644 --- a/frontend/src/auth/clerk.tsx +++ b/frontend/src/auth/clerk.tsx @@ -16,10 +16,10 @@ import { } from "@clerk/nextjs"; import { isLikelyValidClerkPublishableKey } from "@/auth/clerkKey"; -import { getLocalAuthToken, isLocalAuthMode } from "@/auth/localAuth"; +import { getEnvToken, getLocalAuthToken, isLocalAuthMode } from "@/auth/localAuth"; function hasLocalAuthToken(): boolean { - return Boolean(getLocalAuthToken()); + return Boolean(getLocalAuthToken() ?? getEnvToken()); } export function isClerkEnabled(): boolean { @@ -76,7 +76,7 @@ export function useUser() { export function useAuth() { if (isLocalAuthMode()) { - const token = getLocalAuthToken(); + const token = getLocalAuthToken() ?? getEnvToken(); return { isLoaded: true, isSignedIn: Boolean(token),