Merge pull request #432 from DevLoversTeam/sl/feat/db-optimization

fix(netlify-env): stabilize auth/csrf secrets in SSR runtime via readServerEnv

Author: liudmylasovetovs

frontend/lib/auth.ts

@@ -6,11 +6,12 @@ import { cookies } from 'next/headers';
 
 import { db } from '@/db';
 import { users } from '@/db/schema/users';
+import { readServerEnv } from '@/lib/env/server-env';
 
 const AUTH_COOKIE_NAME = 'auth_session';
 const AUTH_TOKEN_MAX_AGE = 60 * 60 * 24 * 7; // 7 days
 
-const _AUTH_SECRET = process.env.AUTH_SECRET;
+const _AUTH_SECRET = readServerEnv('AUTH_SECRET');
 
 if (!_AUTH_SECRET) {
   throw new Error('AUTH_SECRET is not defined');

frontend/lib/security/csrf.ts

@@ -4,11 +4,13 @@ import crypto from 'node:crypto';
 
 import type { NextRequest } from 'next/server';
 
+import { readServerEnv } from '@/lib/env/server-env';
+
 export const CSRF_FORM_FIELD = 'csrfToken' as const;
 
 const DEFAULT_TTL_SECONDS = 60 * 60;
 function getSecret(): string {
-  const secret = process.env.CSRF_SECRET;
+  const secret = readServerEnv('CSRF_SECRET');
   if (!secret) throw new Error('Missing env var: CSRF_SECRET');
   return secret;
 }