feat: validate server and client env variables (#149)

Author: bassgeta

.env.example

@@ -1,20 +1,20 @@
-ENCRYPTION_KEY=""
+ENCRYPTION_KEY="" # generate using `openssl rand -base64 32`
 DATABASE_URL="postgresql://easy-invoice:easy-invoice@localhost:7406/easy-invoice"
 GOOGLE_CLIENT_ID=""
 GOOGLE_CLIENT_SECRET=""
 GOOGLE_REDIRECT_URI="http://localhost:3000/login/google/callback"
 CURRENT_ENCRYPTION_VERSION="v1"
 REQUEST_API_URL=""
-REQUEST_API_KEY=""
+REQUEST_API_KEY="" # get it on our API portal
 NEXT_PUBLIC_REOWN_PROJECT_ID=""
-WEBHOOK_SECRET=""
+WEBHOOK_SECRET="" # get it on our API portal
 NEXT_PUBLIC_API_TERMS_CONDITIONS="https://request.network/api-terms"
 
-FEE_PERCENTAGE_FOR_PAYMENT=""
-FEE_ADDRESS_FOR_PAYMENT=""
+FEE_PERCENTAGE_FOR_PAYMENT=
+FEE_ADDRESS_FOR_PAYMENT=
 REDIS_URL=redis://localhost:7379
 
 # Optional
 # NEXT_PUBLIC_GTM_ID=""
 # NEXT_PUBLIC_CRYPTO_TO_FIAT_TRUSTED_ORIGINS=""
-INVOICE_PROCESSING_TTL=""
+INVOICE_PROCESSING_TTL="60"

.github/workflows/build-and-lint.yml

@@ -71,6 +71,8 @@ jobs:
     name: Build
     needs: install
     runs-on: ubuntu-latest
+    env:
+      SKIP_ENV_VALIDATION: "true"
     steps:
       - uses: actions/checkout@v4
 

next.config.mjs

@@ -1,3 +1,8 @@
+import { validateClientEnv } from "./src/lib/env/client.js";
+import { validateServerEnv } from "./src/lib/env/server.js";
+
+validateServerEnv();
+validateClientEnv();
 /** @type {import('next').NextConfig} */
 const nextConfig = {};
 

src/lib/env/client.js

@@ -0,0 +1,39 @@
+import { z } from "zod";
+import { shouldSkipValidation } from "./helpers.js";
+
+const clientEnvSchema = z.object({
+  NEXT_PUBLIC_REOWN_PROJECT_ID: z
+    .string()
+    .min(1, "NEXT_PUBLIC_REOWN_PROJECT_ID is required"),
+  NEXT_PUBLIC_GTM_ID: z.string().min(1, "NEXT_PUBLIC_GTM_ID is required"),
+  NEXT_PUBLIC_DEMO_MEETING: z.string().url().optional(),
+  NEXT_PUBLIC_API_TERMS_CONDITIONS: z.string().url().optional(),
+  NEXT_PUBLIC_CRYPTO_TO_FIAT_TRUSTED_ORIGINS: z.string().optional(),
+});
+
+export function validateClientEnv() {
+  if (shouldSkipValidation()) {
+    console.warn("⚠️ Skipping client environment variable validation.");
+    return;
+  }
+
+  const env = {
+    NEXT_PUBLIC_REOWN_PROJECT_ID: process.env.NEXT_PUBLIC_REOWN_PROJECT_ID,
+    NEXT_PUBLIC_GTM_ID: process.env.NEXT_PUBLIC_GTM_ID,
+    NEXT_PUBLIC_DEMO_MEETING: process.env.NEXT_PUBLIC_DEMO_MEETING,
+    NEXT_PUBLIC_API_TERMS_CONDITIONS:
+      process.env.NEXT_PUBLIC_API_TERMS_CONDITIONS,
+    NEXT_PUBLIC_CRYPTO_TO_FIAT_TRUSTED_ORIGINS:
+      process.env.NEXT_PUBLIC_CRYPTO_TO_FIAT_TRUSTED_ORIGINS,
+  };
+
+  const result = clientEnvSchema.safeParse(env);
+
+  if (!result.success) {
+    console.error(
+      "❌ Invalid client environment variables:",
+      result.error.flatten().fieldErrors,
+    );
+    throw new Error("Invalid client environment variables");
+  }
+}

src/lib/env/helpers.js

@@ -0,0 +1,3 @@
+export function shouldSkipValidation() {
+  return process.env.SKIP_ENV_VALIDATION === "true";
+}

src/lib/env/server.js

@@ -0,0 +1,64 @@
+import { z } from "zod";
+import { shouldSkipValidation } from "./helpers.js";
+
+const serverEnvSchema = z.object({
+  DATABASE_URL: z.string().min(1, "DATABASE_URL is required"),
+  GOOGLE_CLIENT_ID: z.string().min(1, "GOOGLE_CLIENT_ID is required"),
+  GOOGLE_CLIENT_SECRET: z.string().min(1, "GOOGLE_CLIENT_SECRET is required"),
+  REQUEST_API_URL: z.string().url("REQUEST_API_URL must be a valid URL"),
+  REQUEST_API_KEY: z.string().min(1, "REQUEST_API_KEY is required"),
+  WEBHOOK_SECRET: z.string().min(1, "WEBHOOK_SECRET is required"),
+  GOOGLE_REDIRECT_URI: z
+    .string()
+    .url("GOOGLE_REDIRECT_URI must be a valid URL"),
+  ENCRYPTION_KEY: z.string().min(1, "ENCRYPTION_KEY is required"),
+  CURRENT_ENCRYPTION_VERSION: z.union([z.literal("v1")], {
+    errorMap: () => ({
+      message: 'CURRENT_ENCRYPTION_VERSION must be "v1"',
+    }),
+  }),
+  FEE_PERCENTAGE_FOR_PAYMENT: z.coerce.string().min(1).max(100).optional(),
+  FEE_ADDRESS_FOR_PAYMENT: z
+    .string()
+    .trim()
+    .min(1, "FEE_ADDRESS_FOR_PAYMENT cannot be empty")
+    .optional(),
+  REDIS_URL: z.string().trim().url().optional(),
+  INVOICE_PROCESSING_TTL: z.coerce
+    .number()
+    .int()
+    .positive("INVOICE_PROCESSING_TTL must be a positive integer"),
+});
+
+export function validateServerEnv() {
+  if (shouldSkipValidation()) {
+    console.warn("⚠️ Skipping server environment variable validation.");
+    return;
+  }
+
+  const env = {
+    DATABASE_URL: process.env.DATABASE_URL,
+    GOOGLE_CLIENT_ID: process.env.GOOGLE_CLIENT_ID,
+    GOOGLE_CLIENT_SECRET: process.env.GOOGLE_CLIENT_SECRET,
+    REQUEST_API_URL: process.env.REQUEST_API_URL,
+    REQUEST_API_KEY: process.env.REQUEST_API_KEY,
+    WEBHOOK_SECRET: process.env.WEBHOOK_SECRET,
+    GOOGLE_REDIRECT_URI: process.env.GOOGLE_REDIRECT_URI,
+    ENCRYPTION_KEY: process.env.ENCRYPTION_KEY,
+    CURRENT_ENCRYPTION_VERSION: process.env.CURRENT_ENCRYPTION_VERSION,
+    FEE_PERCENTAGE_FOR_PAYMENT: process.env.FEE_PERCENTAGE_FOR_PAYMENT,
+    FEE_ADDRESS_FOR_PAYMENT: process.env.FEE_ADDRESS_FOR_PAYMENT,
+    REDIS_URL: process.env.REDIS_URL,
+    INVOICE_PROCESSING_TTL: process.env.INVOICE_PROCESSING_TTL,
+  };
+
+  const result = serverEnvSchema.safeParse(env);
+
+  if (!result.success) {
+    console.error(
+      "❌ Invalid server environment variables:",
+      result.error.flatten().fieldErrors,
+    );
+    throw new Error("Invalid server environment variables");
+  }
+}

tsconfig.json

@@ -21,6 +21,12 @@
       "@/*": ["./src/*"]
     }
   },
-  "include": ["next-env.d.ts", "**/*.ts", "**/*.tsx", ".next/types/**/*.ts"],
+  "include": [
+    "next-env.d.ts",
+    "**/*.ts",
+    "**/*.tsx",
+    ".next/types/**/*.ts",
+    "src/lib/env/*.js"
+  ],
   "exclude": ["node_modules"]
 }