🧑‍💻 Launch manifest on dev mode without token secret key

[brunobuddy]

Description

This PR allows to run Manifest on development and contribution mode without specifying a TOKEN_SECRET_KEY in the .env file.

Why is this important ?

Stackblitz removes the .env files in embed editors (like Manifest playground page). To prevent asking the user to add it manually, I had to change the behavior and set a default secret key if there is no .env file.

However this is a security issue on production. To prevent that we throw an error if the environment is production and the key is not specified

How can it be tested?

• Go to packages/core/manifest
• Run with or without TOKEN_SECRET_KEY in packages/core/manifest/.env.contribution. It should work the same
• Switch the NODE_ENV to production and remove the key. The npm run dev task should throw an error saying that it can't run without a secret key

Impacted packages

Check the NPM packages that require a new publication or release:

• manifest
• add-manifest
• @mnfst/sdk

Check list before submitting

• I have performed a self-review of my code (no debugs, no commented code, good naming, etc.)
• I wrote the relative tests
• I created a PR for the documentation if necessary and attached the link to this PR
• This PR is wrote in a clear language and correctly labeled

[vercel]

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name	Status	Preview	Comments	Updated (UTC)
manifest-schema	✅ Ready (Inspect)	Visit Preview	💬 Add feedback	Dec 6, 2024 9:55am