public playground warning

.env.example

@@ -11,18 +11,7 @@
 
 # Prisma
 # https://www.prisma.io/docs/reference/database-reference/connection-urls#env
-DATABASE_URL="file:./db.sqlite"
+DATABASE_URL="postgresql://postgres:postgres@localhost:5432/prompt-lab?schema=public"
 
-# Next Auth
-# You can generate a new secret on the command line with:
-# openssl rand -base64 32
-# https://next-auth.js.org/configuration/options#secret
-# NEXTAUTH_SECRET=""
-NEXTAUTH_URL="http://localhost:3000"
-
-# Next Auth Discord Provider
-DISCORD_CLIENT_ID=""
-DISCORD_CLIENT_SECRET=""
-
-NODE_ENV="development"
+# OpenAI
 OPENAI_API_KEY=""

Dockerfile

@@ -19,6 +19,7 @@ FROM base as builder
 
 # Include all NEXT_PUBLIC_* env vars here
 ARG NEXT_PUBLIC_POSTHOG_KEY
+ARG NEXT_PUBLIC_IS_PUBLIC_PLAYGROUND
 
 WORKDIR /app
 COPY --from=deps /app/node_modules ./node_modules

src/components/PublicPlaygroundWarning.tsx

@@ -0,0 +1,22 @@
+import { Flex, Icon, Link, Text } from "@chakra-ui/react";
+import { BsExclamationTriangleFill } from "react-icons/bs";
+import { env } from "~/env.mjs";
+
+export default function PublicPlaygroundWarning() {
+  console.log(env);
+  if (!env.NEXT_PUBLIC_IS_PUBLIC_PLAYGROUND) return null;
+
+  return (
+    <Flex bgColor="red.600" color="whiteAlpha.900" p={2} align="center">
+      <Icon boxSize={4} mr={2} as={BsExclamationTriangleFill} />
+      <Text>
+        Warning: this is a public playground. Anyone can see, edit or delete your experiments. For
+        private use,{" "}
+        <Link textDecor="underline" href="https://github.com/corbt/prompt-lab">
+          run a local copy
+        </Link>
+        .
+      </Text>
+    </Flex>
+  );
+}

src/components/nav/AppShell.tsx

@@ -16,6 +16,7 @@ import { RiFlaskLine } from "react-icons/ri";
 import { useRouter } from "next/router";
 import Link from "next/link";
 import { useHandledAsyncCallback } from "~/utils/hooks";
+import PublicPlaygroundWarning from "../PublicPlaygroundWarning";
 
 const ExperimentLink = forwardRef<BoxProps & { active: boolean | undefined }, "a">(
   ({ children, active, ...props }, ref) => (
@@ -51,7 +52,9 @@ export default function AppShell(props: { children: React.ReactNode; title?: str
   }, [createMutation, router]);
 
   return (
-    <Flex minH="100vh">
+    <VStack align="stretch" spacing={0} h="100vh">
+      <PublicPlaygroundWarning />
+      <Flex flex={1}>
         <Head>
           <title>{props.title ? `${props.title} | Prompt Lab` : "Prompt Lab"}</title>
         </Head>
@@ -105,5 +108,6 @@ export default function AppShell(props: { children: React.ReactNode; title?: str
           {props.children}
         </Box>
       </Flex>
+    </VStack>
   );
 }

src/env.mjs

@@ -8,19 +8,7 @@ export const env = createEnv({
    */
   server: {
     DATABASE_URL: z.string().url(),
-    NODE_ENV: z.enum(["development", "test", "production"]),
-    NEXTAUTH_SECRET:
-      process.env.NODE_ENV === "production" ? z.string().min(1) : z.string().min(1).optional(),
-    NEXTAUTH_URL: z.preprocess(
-      // This makes Vercel deployments not fail if you don't set NEXTAUTH_URL
-      // Since NextAuth.js automatically uses the VERCEL_URL if present.
-      (str) => process.env.VERCEL_URL ?? str,
-      // VERCEL_URL doesn't include `https` so it cant be validated as a URL
-      process.env.VERCEL ? z.string().min(1) : z.string().url()
-    ),
-    // Add `.min(1) on ID and SECRET if you want to make sure they're not empty
-    DISCORD_CLIENT_ID: z.string(),
-    DISCORD_CLIENT_SECRET: z.string(),
+    NODE_ENV: z.enum(["development", "test", "production"]).default("development"),
     OPENAI_API_KEY: z.string().min(1),
   },
 
@@ -30,7 +18,12 @@ export const env = createEnv({
    * `NEXT_PUBLIC_`.
    */
   client: {
-    NEXT_PUBLIC_POSTHOG_KEY: z.string(),
+    NEXT_PUBLIC_POSTHOG_KEY: z.string().optional(),
+    NEXT_PUBLIC_IS_PUBLIC_PLAYGROUND: z
+      .string()
+      .optional()
+      .default("false")
+      .transform((val) => val.toLowerCase() === "true"),
   },
 
   /**
@@ -40,12 +33,9 @@ export const env = createEnv({
   runtimeEnv: {
     DATABASE_URL: process.env.DATABASE_URL,
     NODE_ENV: process.env.NODE_ENV,
-    NEXTAUTH_SECRET: process.env.NEXTAUTH_SECRET,
-    NEXTAUTH_URL: process.env.NEXTAUTH_URL,
-    DISCORD_CLIENT_ID: process.env.DISCORD_CLIENT_ID,
-    DISCORD_CLIENT_SECRET: process.env.DISCORD_CLIENT_SECRET,
     OPENAI_API_KEY: process.env.OPENAI_API_KEY,
     NEXT_PUBLIC_POSTHOG_KEY: process.env.NEXT_PUBLIC_POSTHOG_KEY,
+    NEXT_PUBLIC_IS_PUBLIC_PLAYGROUND: process.env.NEXT_PUBLIC_IS_PUBLIC_PLAYGROUND,
   },
   /**
    * Run `build` or `dev` with `SKIP_ENV_VALIDATION` to skip env validation.

src/utils/api.ts

@@ -35,7 +35,7 @@ export const api = createTRPCNext<AppRouter>({
       links: [
         loggerLink({
           enabled: (opts) =>
-            process.env.NODE_ENV === "development" ||
+            (process.env.NODE_ENV ?? "development") === "development" ||
             (opts.direction === "down" && opts.result instanceof Error),
         }),
         httpBatchLink({