create-nextblock 0.10.4 → 0.10.6

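--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
  {
  "name": "create-nextblock",
- "version": "0.10.4",
+ "version": "0.10.6",
  "description": "",
  "main": "index.js",
  "bin": {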
@@ -1,10 +1,14 @@
1
1
  import {
2
- decryptOpenRouterApiKey,
3
2
  encryptOpenRouterApiKey,
4
3
  getMaskedOpenRouterKey,
5
4
  getOpenRouterKeyEnvelopeStatus,
6
5
  type EncryptedOpenRouterKeyEnvelope,
7
6
  } from './ai-key-crypto';
7
+ import {
8
+ hasSecretEncryptionKey,
9
+ resolveSecretEncryptionKey,
10
+ tryDecryptWithEnvKey,
11
+ } from '@nextblock-cms/db/server';
8
12
 
9
13
  const SERVER_ONLY_ERROR_MESSAGE =
10
14
  'Cortex AI configuration can only be imported from server-side code.';
@@ -33,17 +37,24 @@ export function getCortexAiEnvConfig() {
33
37
  return {
34
38
  encryptionKey: readEnvValue('CORTEX_AI_ENCRYPTION_KEY'),
35
39
  freemiusSandboxKey: readEnvValue('FREEMIUS_AI_SANDBOX_KEY'),
36
- hasEncryptionKey: Boolean(readEnvValue('CORTEX_AI_ENCRYPTION_KEY')),
40
+ // True when ANY usable key exists: an explicit env key OR the service-role-derived
41
+ // fallback — so BYOK works on a one-click Vercel deploy with no extra env var.
42
+ hasEncryptionKey: hasSecretEncryptionKey(),
37
43
  hasOpenRouterEnvKey: Boolean(openRouterApiKey),
38
44
  openRouterEnvKeyLast4: openRouterApiKey ? openRouterApiKey.slice(-4) : null,
39
45
  };
40
46
  }
41
47
 
42
48
  function requireEncryptionKey() {
43
- const encryptionKey = readEnvValue('CORTEX_AI_ENCRYPTION_KEY');
49
+ // Resolve via the shared chain: NEXTBLOCK_ENCRYPTION_KEY -> CORTEX_AI_ENCRYPTION_KEY ->
50
+ // a stable key derived from the Supabase service-role key. The derived fallback lets
51
+ // BYOK work out-of-the-box on hosted installs (e.g. one-click Vercel).
52
+ const encryptionKey = resolveSecretEncryptionKey();
44
53
 
45
54
  if (!encryptionKey) {
46
- throw new Error('CORTEX_AI_ENCRYPTION_KEY is required to manage stored OpenRouter keys.');
55
+ throw new Error(
56
+ 'An encryption key (NEXTBLOCK_ENCRYPTION_KEY, CORTEX_AI_ENCRYPTION_KEY, or a Supabase service-role key) is required to manage stored OpenRouter keys.'
57
+ );
47
58
  }
48
59
 
49
60
  return encryptionKey;
@@ -57,10 +68,16 @@ export function encryptStoredOpenRouterApiKey(apiKey: string) {
57
68
  }
58
69
 
59
70
  export function decryptStoredOpenRouterApiKey(encryptedKey: unknown) {
60
- return decryptOpenRouterApiKey({
61
- encryptedKey,
62
- encryptionSecret: requireEncryptionKey(),
63
- });
71
+ // Try every candidate key (explicit env keys + the derived fallback). This keeps a key
72
+ // stored under one key readable if another is added later, and matches the SMTP/payment
73
+ // secret behaviour. The envelope is byte-compatible with the shared secret-crypto format.
74
+ const result = tryDecryptWithEnvKey(encryptedKey);
75
+
76
+ if (result === null) {
77
+ throw new Error('Failed to decrypt stored OpenRouter key.');
78
+ }
79
+
80
+ return result;
64
81
  }
65
82
 
66
83
  export function getStoredOpenRouterKeyStatus(value: unknown) {
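Review bot: The derived fallback in `requireEncryptionKey()` (new lines 49–52; the function's end is outside the hunk) makes the encryption of stored OpenRouter keys depend on the Supabase service-role key, and nothing in this section surfaces that the fallback is in use. Assuming the derivation in `@nextblock-cms/db/server` (not shown on this page) is deterministic from that key, one credential then grants both database access and the ability to decrypt the stored envelope. Rotating the service-role key would also leave envelopes written under the derived key unreadable unless the old value remains a candidate for `tryDecryptWithEnvKey`. I would document this where the key is resolved, e.g. `// Derived fallback shares its root secret with database access: set NEXTBLOCK_ENCRYPTION_KEY in production and re-encrypt stored keys before rotating the service-role key.` Also in this section, `getCortexAiEnvConfig()` still fills `encryptionKey` from `CORTEX_AI_ENCRYPTION_KEY` only while `hasEncryptionKey` now reflects the whole chain, so the two fields can disagree for any caller that reads both.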
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@nextblock-cms/template",
3
- "version": "0.10.4",
3
+ "version": "0.10.6",
4
4
  "private": true,
5
5
  "scripts": {
6
6
  "dev": "next dev",