DevLoversTeam
diff --git a/‎.hintrc‎
Lines changed: 8 additions & 1 deletion b/‎.hintrc‎
Lines changed: 8 additions & 1 deletion
diff --git a/‎frontend/.env.example‎
Lines changed: 57 additions & 20 deletions b/‎frontend/.env.example‎
Lines changed: 57 additions & 20 deletions
diff --git a/‎frontend/app/[locale]/layout.tsx‎
Lines changed: 16 additions & 2 deletions b/‎frontend/app/[locale]/layout.tsx‎
Lines changed: 16 additions & 2 deletions
diff --git a/‎frontend/app/[locale]/shop/admin/orders/[id]/RefundButton.tsx‎
Lines changed: 12 additions & 3 deletions b/‎frontend/app/[locale]/shop/admin/orders/[id]/RefundButton.tsx‎
Lines changed: 12 additions & 3 deletions
@@ -8,6 +8,13 @@
       {
         "aria-valid-attr-value": "off"
       }
-    ]
+    ],
+    "axe/structure": [
+      "default",
+      {
+        "list": "off"
+      }
+    ],
+    "no-inline-styles": "off"
   }
 }
@@ -1,40 +1,77 @@
+# --- Core / Environment
+APP_ENV=
+APP_URL=
+NEXT_PUBLIC_SITE_URL=
+
+# --- Database
 DATABASE_URL=
+
+# --- Auth (app)
 AUTH_SECRET=
 
-CLOUDINARY_CLOUD_NAME=
+# --- OAuth: Google
+GOOGLE_CLIENT_ID_DEVELOP=
+GOOGLE_CLIENT_ID_LOCAL=
+GOOGLE_CLIENT_ID_PROD=
+GOOGLE_CLIENT_REDIRECT_URI_DEVELOP=
+GOOGLE_CLIENT_REDIRECT_URI_LOCAL=
+GOOGLE_CLIENT_REDIRECT_URI_PROD=
+GOOGLE_CLIENT_SECRET_DEVELOP=
+GOOGLE_CLIENT_SECRET_LOCAL=
+GOOGLE_CLIENT_SECRET_PROD=
+
+# --- OAuth: GitHub
+GITHUB_CLIENT_ID_DEVELOP=
+GITHUB_CLIENT_ID_LOCAL=
+GITHUB_CLIENT_ID_PROD=
+GITHUB_CLIENT_REDIRECT_URI_DEVELOP=
+GITHUB_CLIENT_REDIRECT_URI_LOCAL=
+GITHUB_CLIENT_REDIRECT_URI_PROD=
+GITHUB_CLIENT_SECRET_DEVELOP=
+GITHUB_CLIENT_SECRET_LOCAL=
+GITHUB_CLIENT_SECRET_PROD=
+
+# --- Cloudinary
 CLOUDINARY_API_KEY=
 CLOUDINARY_API_SECRET=
+CLOUDINARY_CLOUD_NAME=
 CLOUDINARY_UPLOAD_FOLDER=
-
 CLOUDINARY_URL=
-ENABLE_ADMIN_API=
 
+# --- Payments (Stripe)
+NEXT_PUBLIC_STRIPE_PUBLISHABLE_KEY=
 PAYMENTS_ENABLED=
-NEXT_PUBLIC_PAYMENTS_ENABLED=
+# Options: test, live (defaults to test in development, live in production)
+STRIPE_MODE=
 STRIPE_SECRET_KEY=
 STRIPE_WEBHOOK_SECRET=
 
-STRIPE_MODE=
-NEXT_PUBLIC_STRIPE_PUBLISHABLE_KEY=
+# --- Admin / Internal ops
+ENABLE_ADMIN_API=
+INTERNAL_JANITOR_MIN_INTERVAL_SECONDS=
+INTERNAL_JANITOR_SECRET=
+JANITOR_URL=
 
-NEXT_PUBLIC_SITE_URL=
-NEXT_PUBLIC_SITE_URL=
+# --- Quiz
+QUIZ_ENCRYPTION_KEY=
 
+# --- Telegram
 TELEGRAM_BOT_TOKEN=
 TELEGRAM_CHAT_ID=
 
-GOOGLE_CLIENT_ID=
-GOOGLE_CLIENT_SECRET=
-GOOGLE_CLIENT_REDIRECT_URI_LOCAL=
-GOOGLE_CLIENT_REDIRECT_URI_DEVELOP=
-GOOGLE_CLIENT_REDIRECT_URI_PROD=
+# --- Email (Gmail SMTP)
+EMAIL_FROM=
+GMAIL_APP_PASSWORD=
+GMAIL_USER=
 
-GITHUB_CLIENT_ID_DEVELOP=
-GITHUB_CLIENT_SECRET_DEVELOP=
-GITHUB_CLIENT_REDIRECT_URI_DEVELOP=
+# --- Security
+CSRF_SECRET=
 
-APP_ENV=
+CHECKOUT_RATE_LIMIT_MAX=10
+CHECKOUT_RATE_LIMIT_WINDOW_SECONDS=300
 
-INTERNAL_JANITOR_SECRET=
-INTERNAL_JANITOR_MIN_INTERVAL_SECONDS=60
-JANITOR_URL=
+STRIPE_WEBHOOK_INVALID_SIG_RL_MAX=30
+STRIPE_WEBHOOK_INVALID_SIG_RL_WINDOW_SECONDS=60
+
+# emergency switch
+RATE_LIMIT_DISABLED=0
@@ -43,7 +43,15 @@ export default async function LocaleLayout({
     );
 
   const userExists = Boolean(user);
-  const showAdminNavLink = process.env.NEXT_PUBLIC_ENABLE_ADMIN === 'true';
+  const enableAdmin =
+    (
+      process.env.ENABLE_ADMIN_API ??
+      process.env.NEXT_PUBLIC_ENABLE_ADMIN ??
+      ''
+    ).toLowerCase() === 'true';
+
+  const isAdmin = user?.role === 'admin';
+  const showAdminNavLink = Boolean(user) && isAdmin && enableAdmin;
 
   return (
     <NextIntlClientProvider messages={messages}>
@@ -58,7 +66,13 @@ export default async function LocaleLayout({
           showAdminLink={showAdminNavLink}
           blogCategories={blogCategories}
         >
-          <MainSwitcher>{children}</MainSwitcher>
+          <MainSwitcher
+            userExists={userExists}
+            showAdminLink={showAdminNavLink}
+            blogCategories={blogCategories}
+          >
+            {children}
+          </MainSwitcher>
         </AppChrome>
 
         <Footer />
 
@@ -1,7 +1,7 @@
 'use client';
 
 import { useRouter } from 'next/navigation';
-import { useState, useTransition } from 'react';
+import { useId, useState, useTransition } from 'react';
 
 type Props = {
   orderId: string;
@@ -12,6 +12,7 @@ export function RefundButton({ orderId, disabled }: Props) {
   const router = useRouter();
   const [isPending, startTransition] = useTransition();
   const [error, setError] = useState<string | null>(null);
+  const errorId = useId();
 
   async function onRefund() {
     setError(null);
@@ -47,12 +48,16 @@ export function RefundButton({ orderId, disabled }: Props) {
     });
   }
 
+  const isDisabled = disabled || isPending;
+
   return (
     <div className="flex items-center gap-2">
       <button
         type="button"
         onClick={onRefund}
-        disabled={disabled || isPending}
+        disabled={isDisabled}
+        aria-busy={isPending}
+        aria-describedby={error ? errorId : undefined}
         className="rounded-md border border-border px-3 py-1.5 text-sm font-medium text-foreground transition-colors hover:bg-secondary disabled:cursor-not-allowed disabled:opacity-50"
         title={
           disabled
@@ -63,7 +68,11 @@ export function RefundButton({ orderId, disabled }: Props) {
         {isPending ? 'Refunding…' : 'Refund'}
       </button>
 
-      {error ? <span className="text-xs text-destructive">{error}</span> : null}
+      {error ? (
+        <span id={errorId} role="alert" className="text-xs text-destructive">
+          {error}
+        </span>
+      ) : null}
     </div>
   );
 }
Original file line number	Diff line number	Diff line change
`@@ -8,6 +8,13 @@`
`8`	`8`	`{`
`9`	`9`	`"aria-valid-attr-value": "off"`
`10`	`10`	`}`
`11`		`- ]`
	`11`	`+ ],`
	`12`	`+ "axe/structure": [`
	`13`	`+ "default",`
	`14`	`+ {`
	`15`	`+ "list": "off"`
	`16`	`+ }`
	`17`	`+ ],`
	`18`	`+ "no-inline-styles": "off"`
`12`	`19`	`}`
`13`	`20`	`}`