Expose PocketBase URL to client-side for OIDC auth

POCKETBASE_URL was only available server-side, causing the login page to fall back to localhost:8090 in the browser. Renamed to NEXT_PUBLIC_POCKETBASE_URL so Next.js bundles it into client code. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-11 17:33:52 +00:00
parent 6ebd9788e1
commit 3567fbafd7
6 changed files with 9 additions and 8 deletions
--- a/.env.example
+++ b/.env.example
@@ -6,7 +6,7 @@ APP_URL=https://phaseflow.yourdomain.com
 NODE_ENV=development
 # PocketBase
-POCKETBASE_URL=http://localhost:8090
+NEXT_PUBLIC_POCKETBASE_URL=http://localhost:8090
 # Email (Resend)
 RESEND_API_KEY=re_xxxxxxxxxxxx
--- a/AGENTS.md
+++ b/AGENTS.md
@@ -18,7 +18,7 @@ Run these after implementing to get immediate feedback:
 ## Operational Notes
- Database: PocketBase at `POCKETBASE_URL` env var
+- Database: PocketBase at `NEXT_PUBLIC_POCKETBASE_URL` env var
 - Garmin tokens encrypted with AES-256 using `ENCRYPTION_KEY` (32 chars)
 - Path aliases: `@/*` maps to `./src/*`
 - Pre-commit hooks: Biome lint + Vitest tests via Lefthook
--- a/docker.nix
+++ b/docker.nix
@@ -37,7 +37,7 @@ let
      export RESEND_API_KEY="re_build_placeholder"
      export ENCRYPTION_KEY="build_placeholder_32_chars_long!"
      export CRON_SECRET="build_placeholder_secret"
-      export POCKETBASE_URL="http://localhost:8090"
+      export NEXT_PUBLIC_POCKETBASE_URL="http://localhost:8090"
      export APP_URL="https://phaseflow.v.paler.net"
      # Install dependencies
--- a/spec.md
+++ b/spec.md
@@ -645,7 +645,7 @@ APP_URL=https://phaseflow.yourdomain.com
 NODE_ENV=production
 # PocketBase
-POCKETBASE_URL=http://localhost:8090
+NEXT_PUBLIC_POCKETBASE_URL=http://localhost:8090
 # Email (Resend)
 RESEND_API_KEY=xxx
@@ -700,7 +700,7 @@ job "phaseflow" {
        data = <<EOF
 {{ with nomadVar "nomad/jobs/phaseflow" }}
 APP_URL={{ .app_url }}
-POCKETBASE_URL={{ .pocketbase_url }}
+NEXT_PUBLIC_POCKETBASE_URL={{ .pocketbase_url }}
 RESEND_API_KEY={{ .resend_key }}
 ENCRYPTION_KEY={{ .encryption_key }}
 CRON_SECRET={{ .cron_secret }}
--- a/specs/authentication.md
+++ b/specs/authentication.md
@@ -9,7 +9,7 @@ When I access PhaseFlow, I want to securely log in with my identity provider, so
 Using PocketBase for authentication and data storage, with OIDC (Pocket-ID) as the primary identity provider.
 **Connection:**
- `POCKETBASE_URL` environment variable
+- `NEXT_PUBLIC_POCKETBASE_URL` environment variable
 - `src/lib/pocketbase.ts` initializes client
 ## Login Flow
@@ -73,7 +73,7 @@ All routes except `/login` require authentication.
 API routes access current user via:
 ```typescript
-const pb = new PocketBase(process.env.POCKETBASE_URL);
+const pb = new PocketBase(process.env.NEXT_PUBLIC_POCKETBASE_URL);
 // Auth token from request cookies
 const user = pb.authStore.model;
 ```
--- a/src/lib/pocketbase.ts
+++ b/src/lib/pocketbase.ts
@@ -5,7 +5,8 @@ import PocketBase, { type RecordModel } from "pocketbase";
 import type { OverrideType, User } from "@/types";
-const POCKETBASE_URL = process.env.POCKETBASE_URL || "http://localhost:8090";
+const POCKETBASE_URL =
  process.env.NEXT_PUBLIC_POCKETBASE_URL || "http://localhost:8090";
 /**
 * Singleton PocketBase client for client-side usage.