Skip to content

Add runtime environment variable validation with fail-fast startup behavior. #44

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
Koder-Kartik wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Add runtime environment variable validation with fail-fast startup behavior. #44

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 3 additions & 0 deletions README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -83,6 +83,9 @@ BroCode Spot is a full-stack web application designed to streamline group orderi
VITE_SUPABASE_URL=your_supabase_project_url
VITE_SUPABASE_ANON_KEY=your_supabase_anon_key
```
### Environment Validation
The backend validates environment variables at startup.
If required variables are missing or invalid, the server will stop immediately with a clear error message.

4. **Set up Supabase**

Expand Down
24 changes: 24 additions & 0 deletions backend/env.js
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,24 @@
const dotenv = require("dotenv");
const { z } = require("zod");

dotenv.config();

const envSchema = z.object({
VITE_SUPABASE_URL: z.string().url(),
VITE_SUPABASE_ANON_KEY: z.string().min(10),
PORT: z.string().optional()
});
Comment on lines +6 to +10
Copy link

@coderabbitai coderabbitai bot Feb 23, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | πŸ”΄ Critical

🧩 Analysis chain

🏁 Script executed:

cat -n backend/env.js

Repository: fuzziecoder/Brocode-Party-Update-App

Length of output: 792

🏁 Script executed:

rg -n '"zod"' package.json package-lock.json pnpm-lock.yaml yarn.lock 2>/dev/null | head -20

Repository: fuzziecoder/Brocode-Party-Update-App

Length of output: 62

🏁 Script executed:

rg -n 'PORT' backend/ --type js --type ts -A 2 -B 2

Repository: fuzziecoder/Brocode-Party-Update-App

Length of output: 551

🏁 Script executed:

find . -name "package.json" -type f | head -5 | xargs -I {} sh -c 'echo "=== {} ===" && cat {}'

Repository: fuzziecoder/Brocode-Party-Update-App

Length of output: 935

🏁 Script executed:

rg -n 'z\.coerce' --type js --type ts

Repository: fuzziecoder/Brocode-Party-Update-App

Length of output: 62

🏁 Script executed:

find . -name "package-lock.json" -o -name "pnpm-lock.yaml" -o -name "yarn.lock" | head -1 | xargs -I {} sh -c 'echo "Found: {}" && grep -A 5 '"'"'"zod"'"'"' {} | head -30'

Repository: fuzziecoder/Brocode-Party-Update-App

Length of output: 106

🏁 Script executed:

rg -n 'require.*zod|import.*zod' --type js --type ts

Repository: fuzziecoder/Brocode-Party-Update-App

Length of output: 126

🏁 Script executed:

ls -la package-lock.json | head -5 && grep '"zod"' package-lock.json | head -10

Repository: fuzziecoder/Brocode-Party-Update-App

Length of output: 147

🏁 Script executed:

find . -path ./node_modules -prune -o -name "*.json" -type f -exec grep -l '"zod"' {} \;

Repository: fuzziecoder/Brocode-Party-Update-App

Length of output: 62

🏁 Script executed:

cat package-lock.json | head -50

Repository: fuzziecoder/Brocode-Party-Update-App

Length of output: 1706

🏁 Script executed:

rg -n 'zod' backend/ frontend/ src/ --type js --type ts 2>/dev/null | head -20

Repository: fuzziecoder/Brocode-Party-Update-App

Length of output: 126

Add zod to dependencies in package.json β€” backend/env.js will fail at runtime without it.

The environment validation module requires zod but it's not listed in package.json. Once added, consider validating PORT as a number to prevent the server from attempting to listen on NaN if an invalid value is provided:

 const envSchema = z.object({
   VITE_SUPABASE_URL: z.string().url(),
   VITE_SUPABASE_ANON_KEY: z.string().min(10),
-  PORT: z.string().optional()
+  PORT: z.coerce.number().int().positive().optional()
 });

This ensures fail-fast validation with a clear error message instead of silent NaN at startup.

πŸ“ Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
const envSchema = z.object({
VITE_SUPABASE_URL: z.string().url(),
VITE_SUPABASE_ANON_KEY: z.string().min(10),
PORT: z.string().optional()
});
const envSchema = z.object({
VITE_SUPABASE_URL: z.string().url(),
VITE_SUPABASE_ANON_KEY: z.string().min(10),
PORT: z.coerce.number().int().positive().optional()
});
πŸ€– Prompt for AI Agents 
Verify each finding against the current code and only fix it if needed.

In `@backend/env.js` around lines 6 - 10, The project is missing the zod
dependency and env validation currently allows PORT as a string which can
produce NaN at runtime; add "zod" to package.json dependencies and update the
env validation (the envSchema object) to validate/coerce PORT to a number (or
use z.preprocess/coerce to ensure PORT is parsed as a number) so the app fails
fast with a clear error instead of starting with NaN when PORT is invalid.


const result = envSchema.safeParse(process.env);

if (!result.success) {
console.error("\n❌ Invalid environment configuration:\n");

result.error.errors.forEach((err) => {
console.error(`- ${err.path.join(".")}: ${err.message}`);
});

process.exit(1); // πŸ”₯ FAIL FAST
}

module.exports = result.data;
1 change: 1 addition & 0 deletions backend/server.js
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,6 +1,7 @@
import { createServer } from 'node:http';
import { URL } from 'node:url';
import { database, dbPath } from './db.js';
require("./env");
Copy link

@coderabbitai coderabbitai bot Feb 23, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🏁 Script executed:

# Check if backend/server.js exists and read its content
head -20 backend/server.js

Repository: fuzziecoder/Brocode-Party-Update-App

Length of output: 942

🏁 Script executed:

# Check package.json for module type configuration
cat package.json | grep -A 5 -B 5 '"type"'

Repository: fuzziecoder/Brocode-Party-Update-App

Length of output: 296

🏁 Script executed:

# Verify what ./env refers to (file or directory)
ls -la backend/ | grep env

Repository: fuzziecoder/Brocode-Party-Update-App

Length of output: 137

🏁 Script executed:

# Check if there are ESM imports in backend/server.js
rg -n "^import\s|from\s" backend/server.js

Repository: fuzziecoder/Brocode-Party-Update-App

Length of output: 203

require("./env") will break in ESM modules.

This file uses ES module imports and is configured as ESM ("type": "module" in package.json), so require() will throw "require is not defined" at runtime. Use an ESM import statement instead.

πŸ”§ Suggested fix 
-require("./env"); 
+import './env.js';
πŸ€– Prompt for AI Agents 
Verify each finding against the current code and only fix it if needed.

In `@backend/server.js` at line 4, The current call to require("./env") in
server.js will fail under ESM; replace it with an ES module import by using a
top-level import of the env module (ensure the filename/extension matches what's
on disk, e.g., "./env.js" if necessary) or use a dynamic import() if you need
conditional loading; update the reference to require("./env") in server.js so
the environment variables are loaded via an ES module import instead of require.


const port = Number(process.env.PORT || 4000);

Expand Down
15 changes: 10 additions & 5 deletions services/supabase.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,11 +4,16 @@ import { createClient, RealtimeChannel } from '@supabase/supabase-js';
const supabaseUrl = import.meta.env.VITE_SUPABASE_URL || '';
const supabaseAnonKey = import.meta.env.VITE_SUPABASE_ANON_KEY || '';

if (!supabaseUrl || !supabaseAnonKey) {
console.warn(`Supabase credentials are not configured.
Please create a .env.local file with:
VITE_SUPABASE_URL=your_supabase_url
VITE_SUPABASE_ANON_KEY=your_supabase_anon_key`);
if (!supabaseUrl) {
throw new Error(
"Missing environment variable: VITE_SUPABASE_URL. Create a .env.local file."
);
}

if (!supabaseAnonKey) {
throw new Error(
"Missing environment variable: VITE_SUPABASE_ANON_KEY. Create a .env.local file."
);
}

export const supabase = createClient(supabaseUrl, supabaseAnonKey, {
Expand Down