Skip to content

(SP: 1) [SHOP] make cart provider capability env reads runtime-safe#448

Merged
liudmylasovetovs merged 2 commits intodevelopfrom
lso/feat/shop-fix-cart
Apr 16, 2026
Merged

(SP: 1) [SHOP] make cart provider capability env reads runtime-safe#448
liudmylasovetovs merged 2 commits intodevelopfrom
lso/feat/shop-fix-cart

Conversation

@liudmylasovetovs
Copy link
Copy Markdown
Collaborator

@liudmylasovetovs liudmylasovetovs commented Apr 16, 2026
edited by coderabbitai bot
Loading

Description

Fixes cart SSR regression and makes cart provider capability detection runtime-safe for Netlify.

Previously, the cart page depended on global shop env assertions and provider helpers that read process.env directly. This caused:

  • SSR crashes when unrelated env (DB/auth/status token) was missing
  • false-disabled Stripe/Monobank on Netlify (runtime-only env delivery)

This PR:

  • decouples cart page from critical env assertions (fail-closed instead of crash)
  • makes Stripe and Monobank capability detection use readServerEnv()-compatible access
  • preserves strict fail-fast behavior for real checkout/payment/shipping flows

Related Issue

Issue: #<issue_number>

Changes

  • restored fail-closed behavior for cart provider capability resolution (no SSR crash on missing env)
  • migrated Stripe/Monobank env reads (cart path) to readServerEnv() for Netlify/runtime-safe behavior
  • updated provider runtime checks to use runtime-aware env access
  • fixed test suite (public-cart-env-contract) to avoid NODE_ENV readonly mutation
  • added/validated tests for runtime-only env scenarios and fail-closed behavior

Database Changes (if applicable)

  • Schema migration required
  • Seed data updated
  • Breaking changes to existing queries
  • Transaction-safe migration
  • Migration tested locally on Neon

How Has This Been Tested?

  • Tested locally
  • Verified in development environment

Local verification:

  • test DB initialized via PowerShell (strict local mode)
  • psql connectivity verified
  • npx vitest run lib/tests/shop/public-cart-env-contract.test.ts → 10/10 tests passed
  • manual SSR check:
    • /en/shop/cart
    • /uk/shop/cart
    • /pl/shop/cart
      → all return 200 OK

Test coverage confirms:

  • no SSR crash when critical env is missing

  • runtime-only env enables Stripe/Monobank correctly

  • invalid provider config fails closed (no false positives)

  • Checked responsive layout (if UI-related)

  • Tested accessibility (keyboard / screen reader)

Screenshots (if applicable)

N/A (server/runtime fix)

Checklist

Before submitting

  • Code has been self-reviewed
  • No TypeScript or console errors
  • Code follows project conventions
  • Scope is limited to this feature/fix
  • No unrelated refactors included
  • English used in code, commits, and docs
  • New dependencies discussed with team
  • Database migration tested locally (if applicable)
  • GitHub Projects card moved to In Review

Reviewers

Summary by CodeRabbit

  • Improvements
    • Enhanced reliability of payment provider configuration handling for Stripe, Monobank, and Google Pay payment options
    • Implemented more robust environment variable resolution with improved fallback mechanisms
    • Strengthened error handling to prevent checkout failures and ensure graceful degradation when provider configuration is incomplete or unavailable

@vercel
Copy link
Copy Markdown
Contributor

vercel bot commented Apr 16, 2026
edited
Loading

The latest updates on your projects. Learn more about Vercel for GitHub.

1 Skipped Deployment
Project Deployment Actions Updated (UTC)
devlovers-net Ignored Ignored Preview Apr 16, 2026 5:50pm

Request Review

@coderabbitai
Copy link
Copy Markdown
Contributor

coderabbitai bot commented Apr 16, 2026
edited
Loading

Warning

Rate limit exceeded

@liudmylasovetovs has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 50 minutes and 9 seconds before requesting another review.

Your organization is not enrolled in usage-based pricing. Contact your admin to enable usage-based pricing to continue reviews beyond the rate limit, or try again in 50 minutes and 9 seconds.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 462d4add-d25c-4f63-88ef-22724186a8fd

📥 Commits

Reviewing files that changed from the base of the PR and between 9e32b6b and c05655d.

📒 Files selected for processing (1)
  • frontend/lib/env/stripe.ts
📝 Walkthrough

Walkthrough

This pull request refactors environment variable resolution across payment provider configuration files by replacing direct process.env access with a centralized readServerEnv() function. Changes affect Stripe, Monobank, and cart capability resolution, with corresponding test expansion to verify the new environment sourcing pattern.

Changes

Cohort / File(s) Summary
Environment Configuration Refactoring
frontend/lib/env/monobank.ts, frontend/lib/env/stripe.ts, frontend/lib/env/provider-runtime.ts		 Replaced direct process.env reads with readServerEnv() calls for Monobank token, webhook settings, Stripe keys, and provider runtime detection. Updated getMonobankEnv and isProductionLikeRuntime() to use normalized environment variable sourcing with selective fallbacks to process.env for NODE_ENV.
Cart Capabilities Resolution
frontend/app/[locale]/shop/cart/capabilities.ts		 Added isFlagEnabled() utility to normalize string environment values (true/1/yes/on as enabled, case-insensitive). Updated resolveStripeCheckoutEnabled() to call isPaymentsEnabled with requirePublishableKey, and resolveMonobankCheckoutEnabled() to gate on PAYMENTS_ENABLED before calling provider-specific logic. resolveMonobankGooglePayEnabled() now depends on Monobank checkout being resolved.
Environment Contract Tests
frontend/lib/tests/shop/public-cart-env-contract.test.ts		 Expanded test coverage from single SHOP_BASE_URL to comprehensive environment contract including Stripe, Monobank, auth, and database variables. Replaced provider-specific mocks with readServerEnv-driven baseline. Added scenarios verifying capability resolution with partial/invalid config and missing auth/database env vars.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Possibly related PRs

Suggested reviewers

  • LesiaUKR
  • AM1007
  • ViktorSvertoka

Poem

🐰 Environment variables, once scattered and free,
Now dance through readServerEnv in harmony!
Monobank, Stripe, and configs align,
With isFlagEnabled() making strings fine,
From process.env chaos to structured delight! 🎉

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

Check name Status Explanation Resolution
Docstring Coverage ⚠️ Warning Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%. Write docstrings for the functions missing them to satisfy the coverage threshold.
✅ Passed checks (2 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The PR title clearly describes the main change: making cart provider capability environment reads runtime-safe, which directly addresses the core objective of fixing SSR regression and preventing crashes from missing environment variables.

✏️ Tip: You can configure your own custom pre-merge checks in the settings.

✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch lso/feat/shop-fix-cart

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

coderabbitai[bot]
coderabbitai bot reviewed Apr 16, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents 
Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@frontend/lib/env/stripe.ts`:
- Around line 37-38: The code narrows STRIPE_MODE with a TypeScript cast without
runtime validation; update getStripeEnv/readServerEnv usage so STRIPE_MODE is
validated at runtime before assigning to StripeEnv.mode: read the raw value from
readServerEnv('STRIPE_MODE'), trim/lowercase it, and only accept 'test' or
'live' (e.g., if (val === 'test' || val === 'live') use it), otherwise fall back
to the existing nodeEnv-based default; reference STRIPE_MODE, readServerEnv,
getStripeEnv, nonEmpty and ensure the runtime check happens prior to any casting
to 'test' | 'live'.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: f25ea5a0-5804-42a0-a073-19963cb0b527

📥 Commits

Reviewing files that changed from the base of the PR and between 6db1b0a and 9e32b6b.

📒 Files selected for processing (5)
  • frontend/app/[locale]/shop/cart/capabilities.ts
  • frontend/lib/env/monobank.ts
  • frontend/lib/env/provider-runtime.ts
  • frontend/lib/env/stripe.ts
  • frontend/lib/tests/shop/public-cart-env-contract.test.ts

Comment thread frontend/lib/env/stripe.ts Outdated
@liudmylasovetovs liudmylasovetovs merged commit 3c1764b into develop Apr 16, 2026
7 checks passed
@liudmylasovetovs liudmylasovetovs deleted the lso/feat/shop-fix-cart branch April 16, 2026 18:01
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@coderabbitai coderabbitai[bot] coderabbitai[bot] left review comments

@ViktorSvertoka ViktorSvertoka ViktorSvertoka approved these changes

@AM1007 AM1007 Awaiting requested review from AM1007 AM1007 is a code owner

@LesiaUKR LesiaUKR Awaiting requested review from LesiaUKR LesiaUKR is a code owner

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@liudmylasovetovs @ViktorSvertoka