diff --git a/apps/api/src/auth/guard/auth/auth.guard.ts b/apps/api/src/auth/guard/auth/auth.guard.ts
index 700f7d11f..a7cb6afe3 100644
--- a/apps/api/src/auth/guard/auth/auth.guard.ts
+++ b/apps/api/src/auth/guard/auth/auth.guard.ts
@@ -12,6 +12,7 @@ import { PrismaService } from '../../../prisma/prisma.service'
 import { ONBOARDING_BYPASSED } from '../../../decorators/bypass-onboarding.decorator'
 import { AuthenticatedUserContext } from '../../auth.types'
 import { toSHA256 } from '../../../common/to-sha256'
+import { EnvSchema } from 'src/common/env/env.schema'
 const X_E2E_USER_EMAIL = 'x-e2e-user-email'
 const X_KEYSHADE_TOKEN = 'x-keyshade-token'
@@ -41,17 +42,23 @@ export class AuthGuard implements CanActivate {
 let user: AuthenticatedUserContext | null = null
 const request = context.switchToHttp().getRequest()
 const authType = this.getAuthType(request)
+ const parsedEnv = EnvSchema.safeParse(process.env.NODE_ENV);
+ let nodeEnv;
- //@ts-expect-error process.env.NODE_ENV parses to 'dev'
- if (process.env.NODE_ENV !== 'e2e' && authType === 'NONE') {
+ if (!parsedEnv.success) {
+ nodeEnv = 'dev'; // Default to a valid value or handle appropriately
+ } else {
+ nodeEnv = parsedEnv.data;
+ }
+
+ if (nodeEnv !== 'e2e' && authType === 'NONE') {
 throw new ForbiddenException('No authentication provided')
 }
 // In case the environment is e2e, we want to authenticate the user using the email
 // else we want to authenticate the user using the JWT token.
- // @ts-expect-error process.env.NODE_ENV parses to 'dev'
- if (authType !== 'API_KEY' && process.env.NODE_ENV === 'e2e') {
+ if (authType !== 'API_KEY' && nodeEnv === 'e2e') {
 const email = request.headers[X_E2E_USER_EMAIL]
 if (!email) {
 throw new ForbiddenException()
diff --git a/apps/api/src/common/env/env.schema.ts b/apps/api/src/common/env/env.schema.ts
index 81100b9b7..44ee48f4f 100644
--- a/apps/api/src/common/env/env.schema.ts
+++ b/apps/api/src/common/env/env.schema.ts
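Review bot: The added import uses the bare specifier `'src/common/env/env.schema'`, while every neighbouring import in this file is relative (for example `'../../../common/to-sha256'`). A `src/`-rooted path resolves only where the compiler, the test runner and the runtime all share the same path mapping, so I would write it as `import { EnvSchema } from '../../../common/env/env.schema'`. The same import is added in `user.service.ts`, where the relative form would be `'../../common/env/env.schema'`.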
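Review bot: `EnvSchema.safeParse(process.env.NODE_ENV)` passes a single string to a schema that, judging by `generalSchema` and `e2eEnvSchema` in `env.schema.ts`, is built from `z.object({...})` shapes, so the parse presumably always fails and `nodeEnv` is always `'dev'`; even on success `parsedEnv.data` would be the parsed object rather than the `NODE_ENV` string. This fails closed for the `authType === 'NONE'` check, but it makes the `nodeEnv === 'e2e'` branch that reads `x-e2e-user-email` unreachable, and the same pattern in `checkIfAdminExistsOrCreate` in `user.service.ts` means the `'test'`/`'e2e'` early return never fires. Because the header-only login has to stay confined to e2e, I would read the value directly and give it a type, `const nodeEnv: string = process.env.NODE_ENV ?? 'dev'`, or parse `process.env` as a whole and compare `parsedEnv.data.NODE_ENV`. The enclosing method starts and ends outside this hunk.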
@@ -28,7 +28,7 @@ const e2eEnvSchema = z.object({
 const generalSchema = z.object({
 NODE_ENV: z.literal('dev'),
 DATABASE_URL: z.string(),
- ADMIN_EMAIL: z.string(),
+ ADMIN_EMAIL: z.string().email(),
 REDIS_URL: z.string(),
 REDIS_PASSWORD: z.string().optional(),
@@ -56,7 +56,7 @@ const generalSchema = z.object({
 SMTP_HOST: z.string(),
 SMTP_PORT: z.string(),
- SMTP_EMAIL_ADDRESS: z.string(),
+ SMTP_EMAIL_ADDRESS: z.string().email(),
 SMTP_PASSWORD: z.string(),
 FROM_EMAIL: z.string().regex(/^[a-zA-Z0-9._%+-]+ [<][a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}[>]$/),
@@ -74,7 +74,7 @@ const generalSchema = z.object({
 MINIO_BUCKET_NAME: z.string().optional(),
 MINIO_USE_SSL: z.string().optional(),
- FEEDBACK_FORWARD_EMAIL: z.string()
+ FEEDBACK_FORWARD_EMAIL: z.string().email()
 })
 export type EnvSchemaType = z.infer
diff --git a/apps/api/src/user/service/user.service.ts b/apps/api/src/user/service/user.service.ts
index c026a437e..61c489a1c 100644
--- a/apps/api/src/user/service/user.service.ts
+++ b/apps/api/src/user/service/user.service.ts
@@ -15,6 +15,7 @@ import {
 } from '../../mail/services/interface.service'
 import createUser from '../../common/create-user'
 import generateOtp from '../../common/generate-otp'
+import { EnvSchema } from 'src/common/env/env.schema'
 @Injectable()
 export class UserService {
@@ -294,9 +295,17 @@ export class UserService {
 }
 private async checkIfAdminExistsOrCreate() {
- // @ts-expect-error process.env.NODE_ENV parses to 'dev'
- // FIXME
- if (process.env.NODE_ENV === 'test' || process.env.NODE_ENV === 'e2e') {
+
+ const parsedEnv = EnvSchema.safeParse(process.env.NODE_ENV);
+ let nodeEnv;
+
+ if (!parsedEnv.success) {
+ nodeEnv = 'dev'; // Default to a valid value or handle appropriately
+ } else {
+ nodeEnv = parsedEnv.data;
+ }
+
+ if (nodeEnv === 'test' || nodeEnv === 'e2e') {
 return
 }
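Review bot: `SMTP_EMAIL_ADDRESS: z.string().email()` in the second hunk may reject configurations that work today. The variable sits next to `SMTP_PASSWORD`, and if it is handed to the mail transport as the login name, providers whose SMTP username is not an address would now fail schema validation at startup. It is worth confirming how the value is consumed before tightening it; if it is a login, `SMTP_EMAIL_ADDRESS: z.string().min(1),` rejects an empty value without constraining the format. `generalSchema` begins and ends outside these hunks.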