#87 - Force Auth Secret to be set, else throw Exception

Author: jasonbahl

src/Auth.php

@@ -23,7 +23,7 @@ class Auth {
 	public static function get_secret_key() {
 
 		// Use the defined secret key, if it exists
-		$secret_key = defined( 'GRAPHQL_JWT_AUTH_SECRET_KEY' ) && ! empty( GRAPHQL_JWT_AUTH_SECRET_KEY ) ? GRAPHQL_JWT_AUTH_SECRET_KEY : 'graphql-jwt-auth';
+		$secret_key = defined( 'GRAPHQL_JWT_AUTH_SECRET_KEY' ) && ! empty( GRAPHQL_JWT_AUTH_SECRET_KEY ) ? GRAPHQL_JWT_AUTH_SECRET_KEY : null;
 		return apply_filters( 'graphql_jwt_auth_secret_key', $secret_key );
 
 	}

wp-graphql-jwt-authentication.php

@@ -189,12 +189,20 @@ private static function init() {
 			 * response status to 403.
 			 */
 			add_action( 'init_graphql_request', function() {
-				$token = Auth::validate_token();
-				if ( is_wp_error( $token ) ) {
-					add_action( 'graphql_before_resolve_field', function() use ( $token ) {
-						throw new \Exception( $token->get_error_code() . ' | ' . $token->get_error_message() );
-					}, 1 );
+
+				$jwt_secret = Auth::get_secret_key();
+				if ( empty( $jwt_secret ) || 'graphql-jwt-auth' === $jwt_secret ) {
+					throw new \Exception( __( 'You must define the GraphQL JWT Auth secret to use the WPGraphQL JWT Authentication plugin.', 'graphql-jwt-auth' ) );
+				} else {
+					$token = Auth::validate_token();
+					if ( is_wp_error( $token ) ) {
+						add_action( 'graphql_before_resolve_field', function() use ( $token ) {
+							throw new \Exception( $token->get_error_code() . ' | ' . $token->get_error_message() );
+						}, 1 );
+					}
 				}
+
+
 			} );
 
 		}