From f069ba38273c62117f44c40d5f2958d748c1bbcd Mon Sep 17 00:00:00 2001
From: yohlo <yohlerkyle@gmail.com>
Date: Mon, 9 Feb 2026 12:14:38 -0600
Subject: [PATCH] include supertokens api key

---
 src/lib/supertokens/server.ts | 21 +++++++++++----------
 1 file changed, 11 insertions(+), 10 deletions(-)

diff --git a/src/lib/supertokens/server.ts b/src/lib/supertokens/server.ts
index b563c7f..be2d736 100644
--- a/src/lib/supertokens/server.ts
+++ b/src/lib/supertokens/server.ts
@@ -1,12 +1,12 @@
 import SuperTokens from "supertokens-node";
 import Session from "supertokens-node/recipe/session";
-import { TypeInput } from "supertokens-node/types";
 import Dashboard from "supertokens-node/recipe/dashboard";
 import UserRoles from "supertokens-node/recipe/userroles";
 import { appInfo } from "./config";
 import PasswordlessDevelopmentMode from "./recipes/passwordless-development-mode";
-import { logger } from "./";
 import PasswordlessTwilioVerify from "./recipes/passwordless-twilio-verify";
+import { logger } from "./";
+import type { TypeInput } from "supertokens-node/types";
 
 export const backendConfig = (): TypeInput => {
   return {
@@ -14,25 +14,26 @@ export const backendConfig = (): TypeInput => {
     supertokens: {
       connectionURI:
         process.env.SUPERTOKENS_URI || "https://try.supertokens.io",
+      apiKey: process.env.SUPERTOKENS_API_KEY || undefined,
     },
     appInfo,
     recipeList: [
-      //PasswordlessTwilioVerify.init(),
-      PasswordlessDevelopmentMode.init(),
+      process.env.NODE_ENV === 'production' 
+        ? PasswordlessTwilioVerify.init()
+        : PasswordlessDevelopmentMode.init(),
       Session.init({
         cookieSameSite: "lax",
-        cookieSecure: import.meta.env.NODE_ENV === "production",
-        cookieDomain:
-          import.meta.env.NODE_ENV === "production" ? ".example.com" : undefined,
-        antiCsrf: import.meta.env.NODE_ENV === "production" ? "VIA_TOKEN" : "NONE",
+        cookieSecure: process.env.NODE_ENV === "production",
+        cookieDomain: process.env.COOKIE_DOMAIN || undefined,
+        antiCsrf: process.env.NODE_ENV === "production" ? "VIA_TOKEN" : "NONE",
 
         // Debug only
-        exposeAccessTokenToFrontendInCookieBasedAuth: true,
+        exposeAccessTokenToFrontendInCookieBasedAuth: process.env.NODE_ENV !== "production",
       }),
       Dashboard.init(),
       UserRoles.init(),
     ],
-    telemetry: import.meta.env.NODE_ENV !== "production",
+    telemetry: process.env.NODE_ENV !== "production",
   };
 };