#Calling a function w/ .env variables in an onSubmit()

it sounds like onSubmit is from a client component. In client components server variables are not available. That's why you don't get the env variable

two things u can do

yes, you need to handle that serverside. You can either create an route handler (api endpoint) or server action

lmao

its a public api route rightß

have a middleware route that handles your request and forwards it to the user creation endpoint,

or have a server action

middleware route? Whats that? xD

a endpoint as middleware

for example /beefbonestinks and that sends a request to /creatuser

And you want to ensure that only your app can access this endpoint? No external sites?

ahh that makes more sense, yea

when your route is public, you can add a public api key, that the user (client) somehow receives when using your page. This api key can then be verified by your server. Keep in mind: the public api key is shared with the client so it can be published and there can still abuse of your functions.

Some things you might want to consider are ratelimiting by ip. Another thing you might want to think of is by using CORS to only allow requests from a specific origin. That's just a basic protection and you should add an additional layer of security on the network level to prevent unwanted access

or just have a captcha system from google or cloudflare

he want to prevent external access

then you only need to create an api route or server action

for a route handler its:

export async function POST(request: Request) {
  const res = await request.json()
// do stuff
  return Response.json({ res })
}

And for server actions its an extra file with:

'use server'
 
export async function create() {
  // do stuff
}

no there is no special place for the file

can you console.log the response? Maybe even the await response.json() if it#s json

yeah u can prevent it like that since turnstile for example wont allow u to just generate a token using a different hostname

hold on

so

so token is null?

what about response.json?

normally telegram gives an response everytime

@spiral delta

do it like this:

const json = await response.json();
console.log(json, response)

Update:
First he needed to use a server action or route handler: #1276608412519628862 message
Then he encountered an error, that he can't see any response: #1276608412519628862 message
The solution for that was to log the json and response differently than he done (see this message).
Like that he can see that his backend works fine: #1276608412519628862 message

are u sure the token is defined

oh

it's not #1276608412519628862 message

wait im confused

surprisingly, the await getTelegraAutenticationToken() works fine,

@spiral delta console.log your token and the patient

first he logs the json and the response xD

see @glass cypress ^

whats with the patient

ye

that looks great.

statusText: 'OK',
and valid json:
id: 'pat::2723b785-9529-4db2-8e97-16c537712083',
email: 'david@theinnodsdsvationlab.dev',

status: 200,

everything is fine

the token thing?

that we recommended to use sevrerside stuff to get the env variable?

makes sense

which message was the one, that solved this thread the most?

I know there are all important, but which message was the most helpful?

so this one if I understood you right?:
#1276608412519628862 message

sure, take your time. Now you know how to check the response

happy to help

wow that's a lot! You'll need it a lot more in the future. And whenever you need it, just think about this thread and you are good to go 😊

this thread is already solved. Create another thread and also share the ommited message (you see it in the server console). For only this new thread, you can ping me once

but I guess you can quickly solve this:

Patient validation failed: dateOfBirth: Cast to date failed for value "Invalid Date" (type Date) at path "dateOfBirth"',