diff --git a/apps/frontend/nuxt.config.ts b/apps/frontend/nuxt.config.ts index 3fbc024304..d496beff95 100644 --- a/apps/frontend/nuxt.config.ts +++ b/apps/frontend/nuxt.config.ts @@ -208,7 +208,7 @@ export default defineNuxtConfig({ rateLimitKey: process.env.RATE_LIMIT_IGNORE_KEY ?? globalThis.RATE_LIMIT_IGNORE_KEY, pyroBaseUrl: process.env.PYRO_BASE_URL, intercomIdentitySecret: - process.env.INTERCOM_IDENTITY_SECRET || + process.env.INTERCOM_IDENTITY_SECRET ?? // @ts-ignore globalThis.INTERCOM_IDENTITY_SECRET, public: { diff --git a/apps/frontend/src/server/routes/api/intercom/messenger-jwt.get.ts b/apps/frontend/src/server/routes/api/intercom/messenger-jwt.get.ts index 047f85d865..996e7384af 100644 --- a/apps/frontend/src/server/routes/api/intercom/messenger-jwt.get.ts +++ b/apps/frontend/src/server/routes/api/intercom/messenger-jwt.get.ts @@ -7,6 +7,17 @@ type IntercomTokenResponse = { token: string } +async function getIntercomKeyFromSecretsStore(): Promise { + try { + const mod = 'cloudflare:workers' + const { env } = await import(/* @vite-ignore */ mod) + return await env.INTERCOM_IDENTITY_SECRET?.get() + } catch { + // Not running in Cloudflare Workers environment + return undefined + } +} + async function signIntercomUserJwt( user: { id: string; username: string; email?: string; created: string }, secret: string, @@ -51,8 +62,10 @@ export default defineEventHandler(async (event): Promise setHeader(event, 'cache-control', 'private, no-store, max-age=0') - const config = useRuntimeConfig(event) - if (!config.intercomIdentitySecret) { + const intercomSecret = + useRuntimeConfig(event).intercomIdentitySecret ?? (await getIntercomKeyFromSecretsStore()) + + if (!intercomSecret) { throw createError({ statusCode: 500, message: 'Intercom identity secret is not configured', @@ -91,7 +104,7 @@ export default defineEventHandler(async (event): Promise }) } - const token = await signIntercomUserJwt(user, config.intercomIdentitySecret) + const token = await signIntercomUserJwt(user, intercomSecret) return { token,