perf(misc): derive twoFA inline; lazy-init Resend client

f-amine · f-amine · commit 7734f9a474da · 2026-05-15T16:17:04.000+01:00
Closes #89. apps/web/src/app/(app)/dashboard/security/page.tsx — drop the useState+useEffect that synced twoFA from session.user.twoFactorEnabled. Derived inline so it tracks the source of truth without an extra render. Also drop the optimistic setTwoFA in the Switch's onCheckedChange (the wizard target route is the real flip path). packages/email/src/lib/client.ts — Resend client is now a lazy singleton behind a Proxy. Importing @starter-saas/email no longer instantiates Resend at module load, so RESEND_API_KEY can be absent in environments that don't actually send mail; the first send call throws a clear error if the key is missing.
diff --git a/apps/web/src/app/(app)/dashboard/security/page.tsx b/apps/web/src/app/(app)/dashboard/security/page.tsx
@@ -37,15 +37,14 @@ type SessionRow = {
 
 export default function SecurityPage() {
 	const { data } = authClient.useSession();
-	const [twoFA, setTwoFA] = useState(false);
+	// Derive during render — Better Auth's useSession is the source of
+	// truth. The wizard at /security/2fa flips this server-side and a
+	// session refresh propagates the new value.
+	const twoFA = Boolean(
+		(data?.user as { twoFactorEnabled?: boolean })?.twoFactorEnabled,
+	);
 	const [sessions, setSessions] = useState<SessionRow[] | null>(null);
 
-	useEffect(() => {
-		setTwoFA(
-			Boolean((data?.user as { twoFactorEnabled?: boolean })?.twoFactorEnabled),
-		);
-	}, [data]);
-
 	useEffect(() => {
 		(async () => {
 			try {
@@ -94,13 +93,12 @@ export default function SecurityPage() {
 						<Switch
 							id="2fa"
 							checked={twoFA}
-							onCheckedChange={async (next) => {
+							onCheckedChange={(next) => {
 								toast.info(
 									next
 										? "2FA setup flow — wire to /security/2fa wizard"
 										: "Disabling 2FA — wire confirmation modal",
 								);
-								setTwoFA(next);
 							}}
 						/>
 					</CardContent>
diff --git a/packages/email/src/lib/client.ts b/packages/email/src/lib/client.ts
@@ -2,7 +2,28 @@ import { env } from "@starter-saas/env/server";
 import type { ReactElement } from "react";
 import { Resend } from "resend";
 
-export const resend = new Resend(env.RESEND_API_KEY);
+// Lazy singleton — instantiating Resend at module load means any caller
+// that imports `@starter-saas/email` pays the cost (and crashes if the
+// key is absent) even when no email is actually sent. Defer to first use.
+let _resend: Resend | null = null;
+function getResend(): Resend {
+	if (!_resend) {
+		if (!env.RESEND_API_KEY) {
+			throw new Error("RESEND_API_KEY is not set");
+		}
+		_resend = new Resend(env.RESEND_API_KEY);
+	}
+	return _resend;
+}
+
+// Kept as an export for direct callers (webhooks etc.) — same lazy path.
+export const resend = new Proxy({} as Resend, {
+	get(_target, prop) {
+		const r = getResend();
+		const value = (r as unknown as Record<string | symbol, unknown>)[prop];
+		return typeof value === "function" ? (value as () => unknown).bind(r) : value;
+	},
+});
 
 export type SendEmailInput = {
 	to: string | string[];
@@ -19,7 +40,7 @@ export async function sendEmail({
 	from,
 	replyTo,
 }: SendEmailInput) {
-	const { data, error } = await resend.emails.send({
+	const { data, error } = await getResend().emails.send({
 		from: from ?? env.EMAIL_FROM,
 		to,
 		subject,
