refactor(auth): rename self-host secret key to self-host token and update related logic

djabarovgeorge · djabarovgeorge · commit 92f60d78d1b9 · 2025-05-06T19:42:48.000+03:00
- Changed environment variable from `SELF_HOSTED_SECRET_KEY` to `SELF_HOSTED_TOKEN`.
- Updated header keys in `SelfHostSecretGuard` and `jwt-manager` to reflect the new naming.
- Adjusted error messages for missing and invalid tokens.
diff --git a/apps/api/src/app/auth/framework/self-host-secret.guard.ts b/apps/api/src/app/auth/framework/self-host-secret.guard.ts
@@ -4,18 +4,18 @@ import { HttpRequestHeaderKeysEnum } from '@novu/application-generic';
 @Injectable()
 export class SelfHostSecretGuard implements CanActivate {
   canActivate(context: ExecutionContext): boolean {
-    const secretKey = process.env.SELF_HOSTED_SECRET_KEY;
+    const secretKey = process.env.SELF_HOSTED_TOKEN;
     if (!secretKey) return true;
 
     const request = context.switchToHttp().getRequest();
-    const headerKey = request.headers[HttpRequestHeaderKeysEnum.NOVU_SELF_HOSTED_SECRET_KEY.toLowerCase()];
+    const headerKey = request.headers[HttpRequestHeaderKeysEnum.NOVU_SELF_HOSTED_TOKEN.toLowerCase()];
 
     if (!headerKey) {
-      throw new UnauthorizedException('Missing self-host secret key');
+      throw new UnauthorizedException('Missing self-host token');
     }
 
     if (headerKey !== secretKey) {
-      throw new UnauthorizedException('Invalid self-host secret key');
+      throw new UnauthorizedException('Invalid self-host token');
     }
 
     return true;
diff --git a/apps/dashboard/src/config/index.ts b/apps/dashboard/src/config/index.ts
@@ -32,7 +32,7 @@ export const ONBOARDING_DEMO_WORKFLOW_ID = 'onboarding-demo-workflow';
 
 export const IS_SELF_HOSTED = import.meta.env.VITE_SELF_HOSTED;
 
-export const SELF_HOSTED_SECRET_KEY = import.meta.env.VITE_SELF_HOSTED_SECRET_KEY;
+export const SELF_HOSTED_TOKEN = import.meta.env.VITE_SELF_HOSTED_TOKEN;
 
 if (!IS_SELF_HOSTED && !CLERK_PUBLISHABLE_KEY) {
   throw new Error('Missing Clerk Publishable Key');
diff --git a/apps/dashboard/src/utils/self-hosted/jwt-manager.tsx b/apps/dashboard/src/utils/self-hosted/jwt-manager.tsx
@@ -1,13 +1,11 @@
 import { get } from '../../api/api.client';
-import { SELF_HOSTED_SECRET_KEY } from '../../config';
+import { SELF_HOSTED_TOKEN } from '../../config';
 
 const JWT_STORAGE_KEY = 'self-hosted-jwt';
 
 export async function refreshJwt(): Promise<string | null> {
   try {
-    const headers: HeadersInit = SELF_HOSTED_SECRET_KEY
-      ? { 'novu-self-hosted-secret-key': SELF_HOSTED_SECRET_KEY }
-      : {};
+    const headers: HeadersInit = SELF_HOSTED_TOKEN ? { 'novu-self-hosted-token': SELF_HOSTED_TOKEN } : {};
     const result = await get<{ data: { token: string } }>('/auth/self-hosted', { headers });
     const token = result?.data?.token;
 
diff --git a/libs/application-generic/src/http/headers.types.ts b/libs/application-generic/src/http/headers.types.ts
@@ -12,7 +12,7 @@ export enum HttpRequestHeaderKeysEnum {
   NOVU_USER_AGENT = 'Novu-User-Agent',
   BYPASS_TUNNEL_REMINDER = 'Bypass-Tunnel-Reminder',
   IDEMPOTENCY_KEY = 'Idempotency-Key',
-  NOVU_SELF_HOSTED_SECRET_KEY = 'Novu-Self-Hosted-Secret-Key',
+  NOVU_SELF_HOSTED_TOKEN = 'Novu-Self-Hosted-Token',
 }
 testHttpHeaderEnumValidity(HttpRequestHeaderKeysEnum);
 

Original file line number	Diff line number	Diff line change
`@@ -12,7 +12,7 @@ export enum HttpRequestHeaderKeysEnum {`
`12`	`12`	`NOVU_USER_AGENT = 'Novu-User-Agent',`
`13`	`13`	`BYPASS_TUNNEL_REMINDER = 'Bypass-Tunnel-Reminder',`
`14`	`14`	`IDEMPOTENCY_KEY = 'Idempotency-Key',`
`15`		`- NOVU_SELF_HOSTED_SECRET_KEY = 'Novu-Self-Hosted-Secret-Key',`
	`15`	`+ NOVU_SELF_HOSTED_TOKEN = 'Novu-Self-Hosted-Token',`
`16`	`16`	`}`
`17`	`17`	`testHttpHeaderEnumValidity(HttpRequestHeaderKeysEnum);`
`18`	`18`