bug: Missing environment variable validation #7

New Issue

2026-06-17T15:04:55Z

abumahid commented

2026-06-17 15:04:55 +00:00

Description

The configuration module (src/app/configs/index.ts) reads environment variables without validating that required variables are set. This causes undefined values to be used at runtime, leading to cryptic errors or security issues when connecting to databases, Redis, or using JWT secrets.

Location

File: src/app/configs/index.ts
Component: configs object
Lines: 3-27

How to Fix

Add validation to ensure required environment variables are present at startup:

import "dotenv/config";

const requiredEnvVars = [
  'DATABASE_URL',
  'PORT',
  'NODE_ENV',
  'ACCESS_TOKEN',
  'REFRESH_TOKEN',
  'ACCESS_EXPIRES',
  'REFRESH_EXPIRES',
  'RESET_SECRET',
  'RESET_EXPIRES',
  'FRONT_END_URL',
  'VERIFIED_TOKEN',
  'APP_USER_EMAIL',
  'APP_PASSWORD',
  'CLOUD_NAME',
  'CLOUD_API_KEY',
  'CLOUD_API_SECRET',
  'REDIS_URL'
];

for (const envVar of requiredEnvVars) {
  if (!process.env[envVar]) {
    throw new Error(`Missing required environment variable: ${envVar}`);
  }
}

export const configs = {
  port: process.env.PORT!,
  env: process.env.NODE_ENV!,
  db_url: process.env.DATABASE_URL!,
  // ... rest of config
};

Acceptance Criteria

All required environment variables are validated at server startup
Server fails with clear error message if variables are missing
Validation occurs before any service initialization
Build passes
Server starts with all env vars set
Server fails immediately if env var is missing

### Description The configuration module (`src/app/configs/index.ts`) reads environment variables without validating that required variables are set. This causes undefined values to be used at runtime, leading to cryptic errors or security issues when connecting to databases, Redis, or using JWT secrets. ### Location - **File:** `src/app/configs/index.ts` - **Component:** `configs` object - **Lines:** 3-27 ### How to Fix Add validation to ensure required environment variables are present at startup: ```typescript import "dotenv/config"; const requiredEnvVars = [ 'DATABASE_URL', 'PORT', 'NODE_ENV', 'ACCESS_TOKEN', 'REFRESH_TOKEN', 'ACCESS_EXPIRES', 'REFRESH_EXPIRES', 'RESET_SECRET', 'RESET_EXPIRES', 'FRONT_END_URL', 'VERIFIED_TOKEN', 'APP_USER_EMAIL', 'APP_PASSWORD', 'CLOUD_NAME', 'CLOUD_API_KEY', 'CLOUD_API_SECRET', 'REDIS_URL' ]; for (const envVar of requiredEnvVars) { if (!process.env[envVar]) { throw new Error(`Missing required environment variable: ${envVar}`); } } export const configs = { port: process.env.PORT!, env: process.env.NODE_ENV!, db_url: process.env.DATABASE_URL!, // ... rest of config }; ``` ### Acceptance Criteria - [ ] All required environment variables are validated at server startup - [ ] Server fails with clear error message if variables are missing - [ ] Validation occurs before any service initialization - [ ] Build passes - [ ] Server starts with all env vars set - [ ] Server fails immediately if env var is missing ---

abumahid added the Critical bug labels 2026-06-17 15:04:55 +00:00

abumahid added this to the quicklanch-server project 2026-06-17 15:04:55 +00:00

Sign in to join this conversation.

1 Participants

Notifications

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: summer2026/quicklanch-server#7