Skip to content

feat: add env#20

Merged
AndrewHanasiro merged 5 commits intomainfrom
feature/env
Jan 7, 2026
Merged

feat: add env#20
AndrewHanasiro merged 5 commits intomainfrom
feature/env

Conversation

@AndrewHanasiro
Copy link
Copy Markdown
Member

@AndrewHanasiro AndrewHanasiro commented Jan 7, 2026
edited by coderabbitai bot
Loading

remove hard coded url and insert env

Summary by CodeRabbit

  • Chores

    • Backend service base URLs are now configurable via environment variables instead of hardcoded addresses.
    • Developer tooling and build dependencies updated with minor version bumps.

  • Bug Fixes / Notes

    • MFA-related error messages clarified for listing and creation flows.
    • Potential issue: invoice listing may fail due to a misspelled response field.

✏️ Tip: You can customize this high-level summary in your review settings.

@coderabbitai
Copy link
Copy Markdown

coderabbitai bot commented Jan 7, 2026
edited
Loading

📝 Walkthrough

Walkthrough

Replaced hardcoded localhost endpoints with environment-driven base URLs (BILLING_URL, AUTH_URL) across billing, auth, MFA, and user routes; added Strategy.GA = 'GOOGLE_AUTHENTICATOR'; bumped devDependency versions. Note: src/routes/invoices/invoices.ts returns respJson.invoces (typo).

Changes

Cohort / File(s) Summary
Billing service
src/routes/invoices/invoices.ts		 Import BILLING_URL from $env/static/private; replace http://localhost:5002/invoice/${userId} with ${BILLING_URL}/invoice/${userId}. Fetch logic unchanged; final return uses respJson.invoces (typo).
Auth / MFA / Users
src/routes/mfa/mfa.ts, src/routes/users/users.ts, src/stores/auth.ts		 Import AUTH_URL from $env/static/private; replace hardcoded http://localhost:5000/... with ${AUTH_URL}/... for login, logout, refresh, MFA list/create, and user list/create. Added Strategy.GA = 'GOOGLE_AUTHENTICATOR' in MFA. Error messages largely preserved with minor wording tweaks.
DevDependencies
package.json		 Patch/minor version bumps for devDependencies (Svelte toolchain, testing libs, jsdom, globals, sass-embedded, svelte-check, typescript-eslint); no new dependencies or script changes.

Sequence Diagram(s)

(none — changes are environment URL substitutions, an enum addition, and dependency bumps; no new multi-component control flow requiring visualization.)

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Possibly related PRs

Poem

🐰 I hopped through code with nimble feet,

Swapped burrowed hosts for envs so neat.
A GA flag planted, devdeps trimmed fine,
One misspelled invoice—I'll fix that line. 🥕

🚥 Pre-merge checks | ❌ 3
❌ Failed checks (2 warnings, 1 inconclusive)
Check name Status Explanation Resolution
Description check ⚠️ Warning The description 'remove hard coded url and insert env' is extremely brief but accurately captures the main change; however, it lacks the structure and detail required by the template. Follow the provided template by adding a Proposal section with Links. Include specifics about which services are affected (invoices, MFA, users, auth) and any environment variables required.
Docstring Coverage ⚠️ Warning Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%. You can run @coderabbitai generate docstrings to improve docstring coverage.
Title check ❓ Inconclusive The title 'feat: add env' is vague and generic, using non-descriptive terms that don't convey meaningful information about the actual changeset. Consider a more descriptive title such as 'feat: replace hardcoded URLs with environment variables' to clearly communicate the primary change.

✏️ Tip: You can configure your own custom Pre-merge Checks in the settings.

✨ Finishing touches
  • 📝 Generate docstrings
📜 Recent review details

Configuration used: defaults

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 280fb01 and 02e2171.

📒 Files selected for processing (4)
  • src/routes/invoices/invoices.ts
  • src/routes/mfa/mfa.ts
  • src/routes/users/users.ts
  • src/stores/auth.ts
🚧 Files skipped from review as they are similar to previous changes (4)
  • src/routes/mfa/mfa.ts
  • src/stores/auth.ts
  • src/routes/users/users.ts
  • src/routes/invoices/invoices.ts

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

coderabbitai[bot]
coderabbitai bot reviewed Jan 7, 2026
View reviewed changes
Copy link
Copy Markdown

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 6

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)
src/routes/invoices/invoices.ts (1)

14-14: Fix typo in property name.

The property is named invoces but should likely be invoices. This will return undefined if the API returns a field named invoices.

🔎 Proposed fix 
-	return respJson.invoces
+	return respJson.invoices

Verify the correct API response field name:

#!/bin/bash
# Search for API response type definitions or other invoice references
rg -n -C3 "invoices?:" --type ts
ast-grep --pattern 'interface $_ {
  $$$
  invoice$_: $_
  $$$
}'
🤖 Fix all issues with AI agents 
In @src/routes/invoices/invoices.ts:
- Line 8: listInvoice reads process.env.BILLING_URL directly, which is undefined
on the client; replace use of process.env.BILLING_URL with the SvelteKit public
env import (e.g., import { PUBLIC_BILLING_URL } from '$env/static/public' or
'$env/dynamic/public') and update listInvoice to build the URL from
PUBLIC_BILLING_URL; add a runtime validation that PUBLIC_BILLING_URL is defined
and throw or return a clear error when it's missing before calling fetch. Do the
same rename/replace and validation for AUTH_URL usages (rename to
PUBLIC_AUTH_URL and import/validate) in src/stores/auth.ts and the list
functions in src/routes/users/users.ts and src/routes/mfa/mfa.ts so all
client-side code uses PUBLIC_ prefixed envs and checks for presence.

In @src/routes/mfa/mfa.ts:
- Around line 17-18: The error messages are wrong copy-paste entries saying
"Refresh didn't work" in the MFA handlers; update the thrown Error in the
listMfa function (when resp.status !== 200) to a message like "listMfa failed"
(include status and/or response text for debugging), and similarly update the
thrown Error in createMfa to "createMfa failed" (also include status/response
details). Adjust both occurrences mentioned (the one around resp.status !== 200
for listMfa and the one around resp.status !== 200 for createMfa) so they
accurately describe the failing operation and include useful error context.
- Line 15: The code uses process.env.AUTH_URL to build the url constant in
src/routes/mfa/mfa.ts (const url = `${process.env.AUTH_URL}/mfa/${userId}`),
which is undefined on the client; rename the env variable to PUBLIC_AUTH_URL and
replace usage with an imported PUBLIC_AUTH_URL from SvelteKit’s $env (either
$env/static/public for build-time or $env/dynamic/public for runtime), update
the import and the url construction in both functions in mfa.ts and mirror the
same change in stores/auth.ts so all client-side references use PUBLIC_AUTH_URL
from the $env module.

In @src/routes/users/users.ts:
- Line 11: Replace direct use of process.env.AUTH_URL in listUser and
createNewUser with a validated getter: add a getAuthUrl() helper that reads
process.env.PUBLIC_AUTH_URL, throws if missing, and returns the value, then
change the url construction from `${process.env.AUTH_URL}/user` to
`${getAuthUrl()}/user`; ensure the env var uses SvelteKit's PUBLIC_ prefix
(PUBLIC_AUTH_URL) so client code can access it and apply the same pattern to
other modules mentioned (mfa.ts, auth.ts, invoices.ts).

In @src/stores/auth.ts:
- Around line 97-98: The error thrown in the logout flow is mislabeled: inside
the logout function where you check resp.status !== 200 (refer to the logout
function and the resp.status !== 200 check), replace the incorrect message
"Login didn't work" with a clear logout-specific message (e.g., "Logout failed"
or include response status/details) so the thrown Error accurately reflects the
failing operation.
- Line 38: The authentication functions in createCredentialStore (login,
chooseStrategy, loginCode, logout, refresh) and the handlers in users.ts and
mfa.ts use process.env.AUTH_URL directly and will build invalid URLs if AUTH_URL
is undefined; add a getAuthUrl() helper (e.g., in src/utils/env.ts) that throws
a clear Error if process.env.AUTH_URL is missing, then replace all direct
process.env.AUTH_URL references with getAuthUrl() calls (or import the helper)
so every URL is validated before use.
📜 Review details

Configuration used: defaults

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 8725919 and 38e5a2a.

📒 Files selected for processing (4)
  • src/routes/invoices/invoices.ts
  • src/routes/mfa/mfa.ts
  • src/routes/users/users.ts
  • src/stores/auth.ts

coderabbitai[bot]
coderabbitai bot reviewed Jan 7, 2026
View reviewed changes
Copy link
Copy Markdown

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 0

🧹 Nitpick comments (2)
package.json (2)

20-49: Consider separating dependency updates from feature changes.

The devDependency version bumps are unrelated to the PR's stated objective of replacing hardcoded URLs with environment variables. Mixing dependency maintenance with feature work can complicate rollbacks and make it harder to trace issues.

37-37: Consider adding globals.audioWorklet to the ESLint config.

The upgrade from globals v16.5.0 to v17.0.0 includes a breaking change: the audioWorklet environment was split out of the browser environment. While your codebase currently does not use Web Audio API features, updating the ESLint config on line 22 to include ...globals.audioWorklet aligns with the recommended migration path:

globals: { ...globals.browser, ...globals.node, ...globals.audioWorklet }

This is optional if you do not plan to use Web Audio API, but including it ensures the config remains consistent with the package's design and prevents potential linting issues if audioWorklet globals are used in the future.

📜 Review details

Configuration used: defaults

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 38e5a2a and e6eb4bf.

⛔ Files ignored due to path filters (1)
  • package-lock.json is excluded by !**/package-lock.json
📒 Files selected for processing (1)
  • package.json
🔇 Additional comments (1)
package.json (1)

28-28: All updated package versions are valid and exist on npm.

The specified versions for @sveltejs/vite-plugin-svelte, @testing-library/svelte, globals, jsdom, sass-embedded, svelte, svelte-check, and typescript-eslint have been confirmed to exist and are available on the npm registry. No security vulnerabilities have been introduced by these specific package updates.

Note: npm audit identified a pre-existing low-severity vulnerability in the cookie dependency (via @sveltejs/kit), which is unrelated to the packages being updated in this PR.

@AndrewHanasiro AndrewHanasiro merged commit 1d52cf6 into main Jan 7, 2026
6 of 7 checks passed
@AndrewHanasiro AndrewHanasiro deleted the feature/env branch January 7, 2026 05:09
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@coderabbitai coderabbitai[bot] coderabbitai[bot] left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@AndrewHanasiro