nyxcore-systems
6 min read

The Invisible Wall: How Node's Crypto Module Silently Broke My Edge Runtime Auth

A critical bug prevented new users from joining our platform after accepting an invitation. The culprit? A silent Edge Runtime crash caused by a hidden dependency on Node's `crypto` module.

Next.jsEdge RuntimeJWTAuthenticationPrismaDebuggingProduction

Picture this: A user receives an invitation to your shiny new SaaS platform, nyxcore.cloud. They click the link, accept the invite, and log in. The invitation is marked as 'used,' a clear sign of success. But then... nothing. No tenant membership. No access to the data they were invited to see. Just a baffling dead end.

This was the frustrating scenario that kicked off my recent development session. The goal was clear: fix the Edge Runtime crash in our JWT callback that prevented tenant membership creation after invitation acceptance.

The Silent Killer: Edge Runtime vs. Node.js

Our platform leverages Next.js, and a crucial part of our authentication flow – specifically, the JWT callback that runs within the Edge Runtime – was silently failing. The symptom was insidious: the invitation was consumed (usedAt was set in the database), but the subsequent step of creating the tenant membership never fired.

The root cause? A subtle clash between runtime environments.

The Problematic Import

Our invitation-service.ts module, responsible for handling invitation logic, had a dependency on Node's built-in crypto module for generating secure tokens elsewhere in the application. This is perfectly fine when invitation-service.ts is called from a Node.js runtime environment (like a standard Next.js API route or server-side function).

However, our src/server/auth.ts file, which contains the critical JWT callback, runs in the Edge Runtime (as Next.js middleware). When auth.ts imported findAndConsumeForUser from invitation-service.ts, it implicitly pulled in the entire dependency tree, including Node's crypto module.

Edge Runtimes are designed to be lightweight and fast, distributed globally. They intentionally lack access to Node.js-specific APIs like crypto, fs, or path. Instead of throwing a loud, explicit error when it encountered crypto, the Edge Runtime simply... crashed. Silently. The JWT callback would abort, preventing the final, critical step of creating the tenant membership.

The Fix: Decoupling, Inlining, and Bulletproofing

Solving this required a multi-pronged approach to ensure both functionality and resilience:

  1. Surgical Decoupling: The first step was to remove the problematic import entirely. We deleted the findAndConsumeForUser import from src/server/auth.ts. This immediately severed the link to the Node.js crypto module.

  2. Inlining Critical Logic: The necessary invitation auto-consume logic (checking for and marking an invitation as used) was inlined directly within the JWT callback. This was done using only Prisma queries, ensuring that no Node-specific dependencies were introduced into the Edge Runtime context. While the primary path for membership creation happens in a Node.js API route, this inlined logic serves as a robust fallback.

  3. Bulletproofing with Try-Catch: This was a crucial defensive measure. Every single Prisma call within the JWT callback was wrapped in a try-catch block. Why? Because even if the database connection temporarily falters, we want the authentication process to continue. A user should still be able to log in, even if the invitation status update or membership creation fails for a moment. We log the error, but we don't block the user's access.

Here's a simplified look at the JWT callback after the changes:

typescript
// src/server/auth.ts (simplified excerpt)
import { NextAuthOptions } from "next-auth";
import { PrismaAdapter } from "@auth/prisma-adapter";
import { prisma } from "./db"; // Our Prisma client

export const authOptions: NextAuthOptions = {
    adapter: PrismaAdapter(prisma),
    providers: [
        // ... your providers (Google, GitHub, etc.)
    ],
    callbacks: {
        async jwt({ token, user }) {
            // Standard user ID assignment
            if (user) {
                token.id = user.id;
            }

            // Inlined invitation processing for robustness
            if (token.email) {
                try {
                    const invitation = await prisma.invitation.findFirst({
                        where: {
                            email: token.email,
                            usedAt: null, // Only active invitations
                            expiresAt: { gt: new Date() }, // Not expired
                        },
                    });

                    if (invitation) {
                        // Mark invitation as used (if not already handled by primary invite route)
                        await prisma.invitation.update({
                            where: { id: invitation.id },
                            data: { usedAt: new Date() },
                        });
                        // Further logic to create tenant membership as a fallback
                        // (details omitted for brevity, but would involve Prisma calls)
                    }
                } catch (error) {
                    console.error("Error processing invitation in JWT callback:", error);
                    // CRITICAL: Do NOT re-throw or block authentication here.
                    // Log the error and allow the JWT callback to complete.
                    // The user should still be able to log in, even if invitation update fails.
                }
            }
            return token;
        },
        // ... other callbacks
    },
    // ... other NextAuth.js configuration
};

Lessons Learned (The Hard Way)

This session was a stark reminder of several critical development principles:

  1. Edge Runtime is NOT Node.js: This is the most important takeaway. Be extremely vigilant about what you import into Edge Runtime contexts (Next.js middleware, API routes configured for Edge). If a module or any of its dependencies use Node.js-specific APIs, it will crash silently. Static analysis tools or careful code reviews are essential.
  2. Silent Failures are the Worst: Debugging a silent crash is infinitely harder than a loud, explicit error message. Invest in robust logging and monitoring, especially for critical authentication and data paths.
  3. Defensive Programming is Key: For critical paths like authentication, assume external services (like your database) might be temporarily unavailable. Wrapping external calls in try-catch blocks for graceful degradation is far better than a complete service lockout.
  4. Prisma Migrations on Production: When dealing with custom database types (like vector for pgvector), prisma db push can be overly aggressive. It wanted to DROP our embedding vector(1536) column, which is a big no-no for production. For schema changes involving complex types, raw SQL migrations are often safer and more explicit for production environments. Never use db push --accept-data-loss on production unless you really know what you're doing and have backups.

Beyond the Core Fix

With the critical Edge Runtime bug squashed (commit 54933e0), we deployed the fix to nyxcore.cloud. We also took the opportunity to:

  • Streamline Tenant Naming: Renamed our production tenants from clarait to nyx and acme to clarait for clearer internal branding.
  • Verify Tenant Isolation: Confirmed that oliver.baer+test@gmail.com (a member of Clarait) could not see nyx tenant data. Our multi-tenancy model is holding strong.

Our journey continues with a few immediate next steps:

  • Submitting nyxcore.cloud for Google Safe Browsing review (it's currently flagged due to an earlier, unrelated issue).
  • Developing E2E tests for superadmin flows (tenant creation, invitation, switching).
  • Refining our Prisma migration workflow to gracefully handle custom pgvector columns.
  • A critical rotation of sensitive secrets (OpenAI key, Anthropic key, JWT secret, encryption key, DB password) due to a previous, minor exposure.
  • Testing the tenant switcher UX for superadmins to ensure seamless and isolated data views.

This session was a powerful reminder that even seemingly innocuous details can bring down critical systems when operating in specialized environments like the Edge Runtime. Understanding your runtime's limitations, building for resilience, and maintaining a robust deployment and testing strategy are paramount. Keep shipping, keep learning!

json
{
  "thingsDone": [
    "Diagnosed Edge Runtime crash in JWT callback",
    "Removed Node's `crypto` module dependency from Edge Runtime context",
    "Inlined invitation auto-consume logic with Prisma in JWT callback",
    "Wrapped all Prisma calls in JWT callback in try-catch for robustness",
    "Deployed fix to production (nyxcore.cloud)",
    "Renamed production tenants (`clarait` -> `nyx`, `acme` -> `clarait`)",
    "Verified tenant isolation"
  ],
  "pains": [
    "Silent Edge Runtime crash due to Node `crypto` import",
    "JWT callback failure preventing tenant membership creation",
    "Prisma `db push` blocked on production due to `pgvector` column conflict",
    "Google Safe Browsing flagging `nyxcore.cloud`"
  ],
  "successes": [
    "Successfully fixed critical authentication bug",
    "Improved Edge Runtime resilience and robustness",
    "Verified production deployment and tenant isolation",
    "Established clearer production tenant naming"
  ],
  "techStack": [
    "Next.js",
    "Edge Runtime",
    "JWT",
    "NextAuth.js",
    "Prisma",
    "PostgreSQL",
    "pgvector",
    "Docker",
    "Git",
    "TypeScript"
  ]
}