fix(env): migrate origin/email env reads to readServerEnv and extend fallback keys

LesiaUKR · LesiaUKR · commit 9cc3a5369923 · 2026-03-29T20:21:14.000+01:00
diff --git a/frontend/lib/auth/admin.ts b/frontend/lib/auth/admin.ts
@@ -1,9 +1,9 @@
 import 'server-only';
 
 import type { NextRequest } from 'next/server';
-import { readServerEnv } from '@/lib/env/server-env';
 
 import { getCurrentUser } from '@/lib/auth';
+import { readServerEnv } from '@/lib/env/server-env';
 
 export class AdminApiDisabledError extends Error {
   code = 'ADMIN_API_DISABLED' as const;
@@ -30,10 +30,14 @@ export class AdminForbiddenError extends Error {
 }
 
 export function assertAdminApiEnabled(): void {
-  if (
-    process.env.NODE_ENV === 'production' &&
-    readServerEnv('ENABLE_ADMIN_API') !== 'true'
-  ) {
+ const enabled =
+    (
+      readServerEnv('ENABLE_ADMIN_API') ??
+      readServerEnv('NEXT_PUBLIC_ENABLE_ADMIN') ??
+      ''
+    ).toLowerCase() === 'true';
+
+  if (process.env.NODE_ENV === 'production' && !enabled) {
     throw new AdminApiDisabledError();
   }
 }
diff --git a/frontend/lib/email/sendPasswordResetEmail.ts b/frontend/lib/email/sendPasswordResetEmail.ts
@@ -1,3 +1,5 @@
+import { readServerEnv } from '@/lib/env/server-env';
+
 import { resetPasswordTemplate } from './templates/reset-password';
 import { mailer } from './transporter';
 
@@ -7,7 +9,7 @@ type Params = {
 };
 
 export async function sendPasswordResetEmail({ to, resetUrl }: Params) {
-  const from = process.env.EMAIL_FROM;
+  const from = readServerEnv('EMAIL_FROM');
 
   if (!from) {
     throw new Error('EMAIL_FROM is not configured');
diff --git a/frontend/lib/email/sendVerificationEmail.ts b/frontend/lib/email/sendVerificationEmail.ts
@@ -1,3 +1,5 @@
+import { readServerEnv } from '@/lib/env/server-env';
+
 import { verifyEmailTemplate } from './templates/verify-email';
 import { mailer } from './transporter';
 
@@ -7,7 +9,7 @@ type Params = {
 };
 
 export async function sendVerificationEmail({ to, verifyUrl }: Params) {
-  const from = process.env.EMAIL_FROM;
+  const from = readServerEnv('EMAIL_FROM');
 
   if (!from) {
     throw new Error('EMAIL_FROM is not configured');
diff --git a/frontend/lib/email/transporter.ts b/frontend/lib/email/transporter.ts
@@ -1,7 +1,9 @@
 import nodemailer from 'nodemailer';
 
-const user = process.env.GMAIL_USER;
-const pass = process.env.GMAIL_APP_PASSWORD;
+import { readServerEnv } from '@/lib/env/server-env';
+
+const user = readServerEnv('GMAIL_USER');
+const pass = readServerEnv('GMAIL_APP_PASSWORD');
 
 if (!user || !pass) {
   throw new Error('Missing Gmail SMTP credentials');
diff --git a/frontend/lib/env/server-env.ts b/frontend/lib/env/server-env.ts
@@ -44,6 +44,11 @@ const GENERATED_FALLBACK_KEYS = new Set([
   'ENABLE_ADMIN_API',
   'NEXT_PUBLIC_ENABLE_ADMIN',
   'SHOP_STATUS_TOKEN_SECRET',
+  'APP_ORIGIN',
+  'APP_ADDITIONAL_ORIGINS',
+  'GMAIL_USER',
+  'GMAIL_APP_PASSWORD',
+  'EMAIL_FROM',
 ]);
 
 
diff --git a/frontend/lib/security/origin.ts b/frontend/lib/security/origin.ts
@@ -1,5 +1,7 @@
 import { NextRequest, NextResponse } from 'next/server';
 
+import { readServerEnv } from '@/lib/env/server-env';
+
 const LOCALHOST_ORIGIN = 'http://localhost:3000';
 
 function buildErrorResponse(
@@ -49,13 +51,13 @@ export function normalizeOrigin(input: string): string {
 export function getAllowedOrigins(): string[] {
   const allowed = new Set<string>();
 
-  const appOrigin = (process.env.APP_ORIGIN ?? '').trim();
+  const appOrigin = (readServerEnv('APP_ORIGIN') ?? '').trim();
   if (appOrigin) {
     const normalized = normalizeOrigin(appOrigin);
     if (normalized) allowed.add(normalized);
   }
 
-  const additionalRaw = (process.env.APP_ADDITIONAL_ORIGINS ?? '').trim();
+  const additionalRaw = (readServerEnv('APP_ADDITIONAL_ORIGINS') ?? '').trim();
   if (additionalRaw) {
     for (const entry of additionalRaw.split(',')) {
       const candidate = entry.trim();
diff --git a/frontend/lib/shop/status-token.ts b/frontend/lib/shop/status-token.ts
@@ -1,4 +1,5 @@
 import crypto from 'node:crypto';
+
 import { readServerEnv } from '@/lib/env/server-env';
 
 export const STATUS_TOKEN_SCOPES = [

Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,5 @@`
`1`	`1`	`import crypto from 'node:crypto';`
	`2`	`+`
`2`	`3`	`import { readServerEnv } from '@/lib/env/server-env';`
`3`	`4`
`4`	`5`	`export const STATUS_TOKEN_SCOPES = [`