Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

chore: backoffice run dist with environment variables #2643

Open
wants to merge 1 commit into
base: dev
Choose a base branch
from
Open
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
8 changes: 8 additions & 0 deletions apps/backoffice-v2/Dockerfile
Original file line number Diff line number Diff line change
Expand Up @@ -22,10 +22,18 @@ CMD ["npm", "run", "dev", "--host"]

FROM nginx:stable-alpine as prod

WORKDIR /app

COPY --from=dev /app/dist /usr/share/nginx/html

COPY --from=dev /app/entrypoint.sh /app/entrypoint.sh

COPY example.nginx.conf /etc/nginx/conf.d/default.conf

RUN chmod a+x /app/entrypoint.sh;

EXPOSE 80

ENTRYPOINT [ "/app/entrypoint.sh" ]

CMD ["nginx", "-g", "daemon off;"]
54 changes: 54 additions & 0 deletions apps/backoffice-v2/entrypoint.sh
Original file line number Diff line number Diff line change
@@ -0,0 +1,54 @@
#!/usr/bin/env sh

Comment on lines +1 to +2
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue

Update shebang to match script requirements.

The script uses bash-specific features but declares itself as a sh script. Either:

  1. Change shebang to #!/usr/bin/env bash to explicitly require bash, or
  2. Make the script POSIX-compliant by replacing [[ with [
-#!/usr/bin/env sh
+#!/usr/bin/env bash
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
#!/usr/bin/env sh
#!/usr/bin/env bash

if [[ -z "$VITE_DOMAIN" ]]
then
VITE_DOMAIN="http://localhost:3000"
fi

if [[ -z "$VITE_API_KEY" ]]
then
VITE_API_KEY="secret"
fi
Comment on lines +8 to +11
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Use a more secure method to set the API key.

Hardcoding the API key as secret is not recommended. Consider using a secure vault or secrets manager to store and retrieve the API key.

Tools
Shellcheck

[warning] 8-8: In POSIX sh, [[ ]] is undefined.

(SC3010)


if [[ -z "$VITE_AUTH_ENABLED" ]]
then
VITE_AUTH_ENABLED=true
fi


if [[ -z "$VITE_MOCK_SERVER" ]]
then
VITE_MOCK_SERVER=false
fi

if [[ -z "$VITE_POLLING_INTERVAL" ]]
then
VITE_POLLING_INTERVAL=10
fi

if [[ -z "$VITE_ASSIGNMENT_POLLING_INTERVAL" ]]
then
VITE_ASSIGNMENT_POLLING_INTERVAL=5
fi

if [[ -z "$VITE_FETCH_SIGNED_URL" ]]
then
VITE_FETCH_SIGNED_URL=false
fi
Comment on lines +3 to +37
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🛠️ Refactor suggestion

Add input validation for critical environment variables.

The script should validate the format and values of critical variables like VITE_DOMAIN and VITE_POLLING_INTERVAL.

 if [[ -z "$VITE_DOMAIN" ]]
 then
     VITE_DOMAIN="http://localhost:3000"
+else
+    # Validate URL format
+    if ! [[ "$VITE_DOMAIN" =~ ^https?:// ]]; then
+        echo "Error: VITE_DOMAIN must start with http:// or https://"
+        exit 1
+    fi
 fi

 if [[ -z "$VITE_POLLING_INTERVAL" ]]
 then
     VITE_POLLING_INTERVAL=10
+else
+    # Validate numeric value and range
+    if ! [[ "$VITE_POLLING_INTERVAL" =~ ^[0-9]+$ ]] || \
+       [ "$VITE_POLLING_INTERVAL" -lt 1 ] || \
+       [ "$VITE_POLLING_INTERVAL" -gt 3600 ]; then
+        echo "Error: VITE_POLLING_INTERVAL must be a number between 1 and 3600"
+        exit 1
+    fi
 fi

Committable suggestion skipped: line range outside the PR's diff.

🧰 Tools
🪛 Shellcheck (0.10.0)

[warning] 3-3: In POSIX sh, [[ ]] is undefined.

(SC3010)


[warning] 8-8: In POSIX sh, [[ ]] is undefined.

(SC3010)


[warning] 13-13: In POSIX sh, [[ ]] is undefined.

(SC3010)


[warning] 19-19: In POSIX sh, [[ ]] is undefined.

(SC3010)


[warning] 24-24: In POSIX sh, [[ ]] is undefined.

(SC3010)


[warning] 29-29: In POSIX sh, [[ ]] is undefined.

(SC3010)


[warning] 34-34: In POSIX sh, [[ ]] is undefined.

(SC3010)


cat << EOF > /usr/share/nginx/html/config.js
globalThis.env = {
VITE_API_URL: "$VITE_DOMAIN/api/v1/internal",
VITE_API_KEY: "$VITE_API_KEY",
VITE_AUTH_ENABLED: "$VITE_AUTH_ENABLED",
VITE_MOCK_SERVER: "$VITE_MOCK_SERVER",
VITE_POLLING_INTERVAL: "$VITE_POLLING_INTERVAL",
VITE_ASSIGNMENT_POLLING_INTERVAL: "$VITE_ASSIGNMENT_POLLING_INTERVAL",
VITE_FETCH_SIGNED_URL: "$VITE_FETCH_SIGNED_URL",
VITE_ENVIRONMENT_NAME: "local",
MODE: "production"
}
EOF
Comment on lines +39 to +51
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codebase verification

Add security headers and configure content type for config.js

The nginx configuration needs to be enhanced with security headers and proper content type handling for the config.js file:

  • Add the following to the nginx configuration:
    location /config.js {
        add_header Content-Type application/javascript;
        add_header X-Content-Type-Options nosniff;
        add_header Cache-Control no-store;
    }
  • Consider adding other security headers like X-Frame-Options, X-XSS-Protection, and Content-Security-Policy
🔗 Analysis chain

Add security headers and content type for config.js.

The config file might be accessible via direct URL. Ensure proper security headers are set in the nginx configuration.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Check if nginx configuration exists and has proper security headers
fd -g "*nginx*.conf" -x grep -l "config\.js"
fd -g "*nginx*.conf" -x grep -l "add_header X-Content-Type-Options nosniff"

Length of output: 124


Script:

#!/bin/bash
# Let's try a broader search for nginx configurations and security headers
fd nginx
fd -e conf
rg -l "config\.js"
rg -l "add_header.*nosniff"

Length of output: 1647


Script:

#!/bin/bash
# Let's examine the nginx configuration files we found
cat apps/backoffice-v2/example.nginx.conf

Length of output: 322


# Handle CMD command
exec "$@"
Comment on lines +1 to +54
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codebase verification

File permissions need to be fixed for Docker entrypoint

The script integration has issues that need to be addressed:

  • The entrypoint script currently has permissions 644 (-rw-r--r--) but needs to be executable (755)
  • While the Dockerfile sets permissions with chmod a+x, the file in the repository should be executable to maintain consistency

To fix:

  • Run chmod +x apps/backoffice-v2/entrypoint.sh and commit the changes
  • Consider adding a .gitattributes file to maintain executable permissions
🔗 Analysis chain

Verify Docker integration and file permissions.

Let's ensure the script is properly integrated into the Docker setup.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Check if the script is referenced in Dockerfile and has correct permissions
echo "Checking Dockerfile configuration..."
rg -l "COPY.*entrypoint.sh" && \
rg -l "RUN chmod \+x.*entrypoint.sh" && \
rg -l "ENTRYPOINT.*entrypoint.sh"

# Check if nginx configuration exists for serving the config.js
echo "Checking nginx configuration..."
fd -g "*nginx*.conf" -x grep -l "config.js"

Length of output: 298


Script:

#!/bin/bash
# Let's check the actual Dockerfile content to verify the integration
echo "Checking Dockerfile content:"
cat apps/backoffice-v2/Dockerfile

# Let's also check if there are any nginx configuration files
echo -e "\nListing nginx configuration files:"
fd -g "*nginx*.conf"

# Check if the entrypoint.sh is executable
echo -e "\nChecking file permissions:"
ls -l apps/backoffice-v2/entrypoint.sh

Length of output: 1202

🧰 Tools
🪛 Shellcheck

[warning] 3-3: In POSIX sh, [[ ]] is undefined.

(SC3010)


[warning] 8-8: In POSIX sh, [[ ]] is undefined.

(SC3010)


[warning] 13-13: In POSIX sh, [[ ]] is undefined.

(SC3010)


[warning] 19-19: In POSIX sh, [[ ]] is undefined.

(SC3010)


[warning] 24-24: In POSIX sh, [[ ]] is undefined.

(SC3010)


[warning] 29-29: In POSIX sh, [[ ]] is undefined.

(SC3010)


[warning] 34-34: In POSIX sh, [[ ]] is undefined.

(SC3010)

Comment on lines +53 to +54
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue

Validate and sanitize command input.

The exec "$@" command executes arbitrary commands without validation. Consider:

  1. Validating allowed commands
  2. Implementing command whitelisting
+# Define allowed commands
+ALLOWED_COMMANDS=("nginx" "node" "npm" "serve")
+
+# Validate command
+if [ $# -gt 0 ]; then
+    command_name=$(basename "$1")
+    if ! [[ " ${ALLOWED_COMMANDS[@]} " =~ " ${command_name} " ]]; then
+        echo "Error: Command '$command_name' is not allowed"
+        exit 1
+    fi
+fi
+
 # Handle CMD command
 exec "$@"

Committable suggestion skipped: line range outside the PR's diff.

3 changes: 3 additions & 0 deletions apps/backoffice-v2/global.d.ts
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
declare global {
export var env: { [key: string]: any };
}
Comment on lines +1 to +3
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codebase verification

Migration from import.meta.env to globalThis.env is incomplete

There are still several instances of import.meta.env usage in the codebase that need to be migrated to globalThis.env:

  • apps/backoffice-v2/src/main.tsx: Using import.meta.env.VITE_API_URL
  • apps/backoffice-v2/public/config.js: Multiple environment variables still using import.meta.env:
    • VITE_API_URL
    • VITE_KYB_DEFINITION_ID
    • VITE_API_KEY
    • VITE_ENVIRONMENT_NAME
    • VITE_DEFAULT_EXAMPLE_TOKEN
    • VITE_SENTRY_AUTH_TOKEN
    • VITE_SENTRY_DSN
🔗 Analysis chain

Verify the environment variable usage across the codebase.

Since this is part of a migration from import.meta.env to globalThis.env, let's ensure all usages are updated consistently.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Check for any remaining import.meta.env usage that needs to be migrated

echo "Checking for remaining import.meta.env usage..."
rg "import\.meta\.env" apps/backoffice-v2/

echo "Checking current globalThis.env usage..."
rg "globalThis\.env" apps/backoffice-v2/

Length of output: 1425


🛠️ Refactor suggestion

Improve type safety by using a specific interface instead of any.

Using { [key: string]: any } bypasses TypeScript's type checking benefits. Consider defining a specific interface for your environment variables with proper types.

declare global {
-  export var env: { [key: string]: any };
+  export interface EnvConfig {
+    API_URL: string;
+    NODE_ENV: 'development' | 'production' | 'test';
+    // Add other environment variables with specific types
+  }
+  export var env: EnvConfig;
}

Committable suggestion skipped: line range outside the PR's diff.

1 change: 1 addition & 0 deletions apps/backoffice-v2/index.html
Original file line number Diff line number Diff line change
Expand Up @@ -8,6 +8,7 @@
<link rel="manifest" href="/manifest.webmanifest" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
<title>Ballerine - Backoffice</title>
<script type="text/javascript" src="/config.js"></script>
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm not sure this is needed since env.ts is imported very early on and the config file is imported there.

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think this is needed else the config changes are not getting rendered

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codebase verification

Environment variables exposure requires attention

The config.js file exposes several sensitive configuration variables that should be handled more securely:

  • VITE_API_KEY: Exposing API keys in client-side code poses a security risk
  • VITE_SENTRY_AUTH_TOKEN: Sentry authentication tokens should never be exposed to the client
  • VITE_DEFAULT_EXAMPLE_TOKEN: Even example/default tokens should not be hardcoded in client-side code

Recommendations:

  • Move sensitive configuration to server-side environment variables
  • Use server endpoints to handle authenticated API calls instead of exposing API keys
  • Remove any hardcoded tokens, even if they are just examples
  • Consider implementing proper authentication flow instead of relying on exposed tokens
🔗 Analysis chain

Review security implications of exposing environment variables

The inclusion of environment variables in a client-side config.js file requires careful consideration of security implications. Ensure that sensitive configuration data (API keys, secrets, internal URLs) are not exposed.

Let's verify what environment variables are being exposed:

Consider implementing:

  1. A backend proxy for sensitive operations instead of exposing credentials
  2. Environment-specific configuration filtering during build

Let me check the config.js file content to verify what environment variables are being exposed:

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Check for potential sensitive data in environment variable handling

# Check entrypoint.sh for environment variable exposure
echo "Checking entrypoint.sh for environment variables:"
rg -i "export|env\." apps/backoffice-v2/entrypoint.sh

# Check for sensitive patterns in environment variable usage
echo -e "\nChecking for potentially sensitive patterns:"
rg -i "key|token|secret|password|credential" apps/backoffice-v2/

Length of output: 107207


Script:

#!/bin/bash
# Check the content of config.js
cat apps/backoffice-v2/public/config.js

Length of output: 613

<script>
let cachedTheme = localStorage.getItem('theme');
const themes = ['dark', 'light'];
Expand Down
9 changes: 9 additions & 0 deletions apps/backoffice-v2/public/config.js
Original file line number Diff line number Diff line change
@@ -0,0 +1,9 @@
globalThis.env = {
VITE_API_URL: import.meta.env.VITE_API_URL || 'http://google.com',
VITE_KYB_DEFINITION_ID: import.meta.env.VITE_KYB_DEFINITION_ID || 'kyb_parent_kyc_session_example',
VITE_API_KEY: import.meta.env.VITE_API_KEY || 'secret',
VITE_ENVIRONMENT_NAME: import.meta.env.VITE_ENVIRONMENT_NAME || 'local',
VITE_DEFAULT_EXAMPLE_TOKEN: import.meta.env.VITE_DEFAULT_EXAMPLE_TOKEN || '12345678-1234-1234-1234-123456789012',
VITE_SENTRY_AUTH_TOKEN: import.meta.env.VITE_SENTRY_AUTH_TOKEN || '',
VITE_SENTRY_DSN: import.meta.env.VITE_SENTRY_DSN || '',
};
Comment on lines +1 to +9
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue

Security: Avoid exposing sensitive default values in public files

The configuration file contains sensitive default values (API key, token) and is located in the public directory, which could pose security risks in production environments.

Consider these improvements:

  1. Remove sensitive default values
  2. Use placeholder values that clearly indicate they need to be replaced
  3. Move this configuration to a non-public location
 globalThis.env = {
-  VITE_API_URL: import.meta.env.VITE_API_URL || 'http://google.com',
-  VITE_KYB_DEFINITION_ID: import.meta.env.VITE_KYB_DEFINITION_ID || 'kyb_parent_kyc_session_example',
-  VITE_API_KEY: import.meta.env.VITE_API_KEY || 'secret',
-  VITE_ENVIRONMENT_NAME: import.meta.env.VITE_ENVIRONMENT_NAME || 'local',
-  VITE_DEFAULT_EXAMPLE_TOKEN: import.meta.env.VITE_DEFAULT_EXAMPLE_TOKEN || '12345678-1234-1234-1234-123456789012',
+  VITE_API_URL: import.meta.env.VITE_API_URL || '<REQUIRED_API_URL>',
+  VITE_KYB_DEFINITION_ID: import.meta.env.VITE_KYB_DEFINITION_ID || '<REQUIRED_KYB_DEFINITION_ID>',
+  VITE_API_KEY: import.meta.env.VITE_API_KEY || '<REQUIRED_API_KEY>',
+  VITE_ENVIRONMENT_NAME: import.meta.env.VITE_ENVIRONMENT_NAME || 'development',
+  VITE_DEFAULT_EXAMPLE_TOKEN: import.meta.env.VITE_DEFAULT_EXAMPLE_TOKEN || '<REQUIRED_TOKEN>',
   VITE_SENTRY_AUTH_TOKEN: import.meta.env.VITE_SENTRY_AUTH_TOKEN || '',
   VITE_SENTRY_DSN: import.meta.env.VITE_SENTRY_DSN || '',
 };
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
globalThis.env = {
VITE_API_URL: import.meta.env.VITE_API_URL || 'http://google.com',
VITE_KYB_DEFINITION_ID: import.meta.env.VITE_KYB_DEFINITION_ID || 'kyb_parent_kyc_session_example',
VITE_API_KEY: import.meta.env.VITE_API_KEY || 'secret',
VITE_ENVIRONMENT_NAME: import.meta.env.VITE_ENVIRONMENT_NAME || 'local',
VITE_DEFAULT_EXAMPLE_TOKEN: import.meta.env.VITE_DEFAULT_EXAMPLE_TOKEN || '12345678-1234-1234-1234-123456789012',
VITE_SENTRY_AUTH_TOKEN: import.meta.env.VITE_SENTRY_AUTH_TOKEN || '',
VITE_SENTRY_DSN: import.meta.env.VITE_SENTRY_DSN || '',
};
globalThis.env = {
VITE_API_URL: import.meta.env.VITE_API_URL || '<REQUIRED_API_URL>',
VITE_KYB_DEFINITION_ID: import.meta.env.VITE_KYB_DEFINITION_ID || '<REQUIRED_KYB_DEFINITION_ID>',
VITE_API_KEY: import.meta.env.VITE_API_KEY || '<REQUIRED_API_KEY>',
VITE_ENVIRONMENT_NAME: import.meta.env.VITE_ENVIRONMENT_NAME || 'development',
VITE_DEFAULT_EXAMPLE_TOKEN: import.meta.env.VITE_DEFAULT_EXAMPLE_TOKEN || '<REQUIRED_TOKEN>',
VITE_SENTRY_AUTH_TOKEN: import.meta.env.VITE_SENTRY_AUTH_TOKEN || '',
VITE_SENTRY_DSN: import.meta.env.VITE_SENTRY_DSN || '',
};

💡 Codebase verification

Let me analyze the results and generate a final response based on the findings.

Environment variables are properly used, but some hardcoded values need attention

The verification revealed several areas that need attention:

  • A hardcoded API endpoint in domains/workflows/mock-service-worker/workflows/workflows.controller.ts: http://localhost:3000/api/internal/workflows/${id}
  • Hardcoded URLs in common/env/schema.ts: VITE_API_URL default value is set to 'https://api-dev.ballerine.io/v2'
  • Several hardcoded URLs in domains/chat/chatbot-opengpt.tsx for logos and links
  • A hardcoded model URL in common/hooks/useFaceComparison/useFaceComparison.tsx: 'https://justadudewhohacks.github.io/face-api.js/models'

The rest of the hardcoded URLs appear to be in mock data, story files, or SVG namespaces which are acceptable.

🔗 Analysis chain

Verify environment variable usage across the application

Let's ensure these environment variables are properly used throughout the application and that there are no hardcoded values that should be using these configurations instead.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Search for potential hardcoded values that should use environment variables instead

# Test: Search for hardcoded URLs that might need to use VITE_API_URL
echo "Checking for hardcoded URLs..."
rg -g '!{*.md,*.json,*.lock}' -i "http[s]?://[a-zA-Z0-9./?=_%:-]+" apps/backoffice-v2/src/

# Test: Search for hardcoded API keys or tokens
echo "Checking for potential hardcoded secrets..."
rg -g '!{*.md,*.json,*.lock}' -i "api[_-]?key|secret|token" apps/backoffice-v2/src/

# Test: Verify environment variable usage
echo "Checking environment variable usage..."
rg "import\.meta\.env\.VITE_" apps/backoffice-v2/src/

Length of output: 14917

2 changes: 1 addition & 1 deletion apps/backoffice-v2/src/common/env/env.ts
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,7 @@ export const formatErrors = (errors: ZodFormattedError<Map<string, string>, stri
.filter(Boolean);
};

const _env = EnvSchema.safeParse(import.meta.env);
const _env = EnvSchema.safeParse(globalThis.env);

// TypeScript complains with !env.success
if (_env.success === false) {
Expand Down
6 changes: 6 additions & 0 deletions apps/backoffice-v2/src/main.tsx
Original file line number Diff line number Diff line change
Expand Up @@ -17,6 +17,7 @@ import dayjs from 'dayjs';
import advancedFormat from 'dayjs/plugin/advancedFormat';
import { initializeMonitoring } from '@/initialize-monitoring/initialize-monitoring';
import { initializeSessionRecording } from '@/initialize-session-recording/initialize-session-recording';
import '../public/config.js?url';

initializeMonitoring();

Expand Down Expand Up @@ -53,3 +54,8 @@ void prepare().then(() => {
);
}
});

//@ts-ignore
globalThis.env = globalThis.env || {
API_URL: import.meta.env.VITE_API_URL,
};
Comment on lines +58 to +61
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🛠️ Refactor suggestion

Improve type safety and environment variable handling

The current implementation has several concerns:

  1. Type safety is bypassed with @ts-ignore
  2. Direct mutation of globalThis could lead to runtime conflicts
  3. Missing validation for required environment variables
  4. No error handling for missing variables

Consider this type-safe alternative:

-//@ts-ignore
-globalThis.env = globalThis.env || {
-  API_URL: import.meta.env.VITE_API_URL,
-};
+interface AppEnv {
+  API_URL: string;
+  // Add other environment variables as needed
+}
+
+const validateEnv = (env: Partial<AppEnv>): AppEnv => {
+  if (!env.API_URL) {
+    throw new Error('VITE_API_URL is required but not provided');
+  }
+  return env as AppEnv;
+};
+
+declare global {
+  var env: AppEnv;
+}
+
+globalThis.env = validateEnv({
+  API_URL: import.meta.env.VITE_API_URL,
+});

This solution:

  • Adds proper TypeScript types
  • Validates required environment variables
  • Provides clear error messages for missing variables
  • Makes the code more maintainable and type-safe
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
//@ts-ignore
globalThis.env = globalThis.env || {
API_URL: import.meta.env.VITE_API_URL,
};
interface AppEnv {
API_URL: string;
// Add other environment variables as needed
}
const validateEnv = (env: Partial<AppEnv>): AppEnv => {
if (!env.API_URL) {
throw new Error('VITE_API_URL is required but not provided');
}
return env as AppEnv;
};
declare global {
var env: AppEnv;
}
globalThis.env = validateEnv({
API_URL: import.meta.env.VITE_API_URL,
});

Loading