Fix Netlify runtime env resolution for admin visibility and shop status token #436

Merged
liudmylasovetovs merged 2 commits into develop from fix/redis-indent
Mar 29, 2026

@LesiaUKR LesiaUKR commented Mar 29, 2026

What

This PR fixes remaining runtime env reads that could fail in Netlify SSR/functions when process.env is partially unavailable at runtime.

Changes

  • frontend/app/[locale]/layout.tsx
    • replaced direct process.env reads for admin flag with readServerEnv(...)
  • frontend/lib/auth/admin.ts
    • assertAdminApiEnabled() now uses readServerEnv('ENABLE_ADMIN_API')
  • frontend/lib/shop/status-token.ts
    • SHOP_STATUS_TOKEN_SECRET now resolved via readServerEnv(...)
  • frontend/lib/env/server-env.ts
    • added fallback allowlist keys:
      • ENABLE_ADMIN_API
      • NEXT_PUBLIC_ENABLE_ADMIN
      • SHOP_STATUS_TOKEN_SECRET

Why

We already migrated DB/auth/redis paths to runtime-safe env resolution.
These remaining direct reads could still disable admin features or break status-token flows in Netlify runtime despite correct env values in project settings.

Expected result

  • Admin link visibility and admin guard behavior stay consistent in Netlify runtime.
  • Shop status token logic no longer depends on raw process.env availability.
  • No behavior change expected for Vercel (normal process.env remains first priority).

Validation

  • readServerEnv is used in all updated paths.
  • fallback keys required by these paths are explicitly allowlisted.

Summary by CodeRabbit

  • Chores
    • Improved environment configuration handling: admin API/dashboard and shop status token flags now resolve from additional runtime sources.
    • Email delivery settings (sender address and SMTP credentials) and allowed application origins can be sourced from expanded runtime fallbacks.
    • Broader set of environment keys supported for more flexible deployments and safer configuration management.

- switch admin feature flag resolution in locale layout to readServerEnv
- update admin guard to use readServerEnv(ENABLE_ADMIN_API)
- update shop status token secret read to readServerEnv
- extend generated runtime fallback allowlist with:
  ENABLE_ADMIN_API, NEXT_PUBLIC_ENABLE_ADMIN, SHOP_STATUS_TOKEN_SECRET
- preserve Vercel-safe runtime-env.generated.ts stub import flow

vercel bot commented Mar 29, 2026

The latest updates on your projects. Learn more about Vercel for GitHub.

1 Skipped Deployment
| Project | Deployment | Actions | Updated (UTC) |
|---|---|---|---|
| devlovers-net | Ignored | Preview | Mar 29, 2026 7:21pm |


coderabbitai bot commented Mar 29, 2026

No actionable comments were generated in the recent review. 🎉

📥 Commits

Reviewing files that changed from the base of the PR and between c14a6a6 and 9cc3a53.

📒 Files selected for processing (7)
  • frontend/lib/auth/admin.ts
  • frontend/lib/email/sendPasswordResetEmail.ts
  • frontend/lib/email/sendVerificationEmail.ts
  • frontend/lib/email/transporter.ts
  • frontend/lib/env/server-env.ts
  • frontend/lib/security/origin.ts
  • frontend/lib/shop/status-token.ts
✅ Files skipped from review due to trivial changes (2)
  • frontend/lib/env/server-env.ts
  • frontend/lib/shop/status-token.ts
🚧 Files skipped from review as they are similar to previous changes (1)
  • frontend/lib/auth/admin.ts

Walkthrough

Refactors server-side configuration reads to use the centralized readServerEnv(...) helper instead of direct process.env access, and expands the generated-runtime fallback allowlist so additional keys can be resolved from the generated RUNTIME_ENV when absent from process or Netlify envs.

Changes

| Cohort / File(s) | Summary |
|---|---|
| Server environment allowlist / frontend/lib/env/server-env.ts | Added multiple keys to GENERATED_FALLBACK_KEYS (including ENABLE_ADMIN_API, NEXT_PUBLIC_ENABLE_ADMIN, SHOP_STATUS_TOKEN_SECRET, APP_ORIGIN, APP_ADDITIONAL_ORIGINS, GMAIL_USER, GMAIL_APP_PASSWORD, EMAIL_FROM) so readServerEnv() can fall back to generated/runtime env values. |
| Admin feature flag / frontend/app/[locale]/layout.tsx, frontend/lib/auth/admin.ts | Switched admin-enable checks to use readServerEnv('ENABLE_ADMIN_API') and readServerEnv('NEXT_PUBLIC_ENABLE_ADMIN') (preserving normalization and production gate). |
| Email sending / transporter / frontend/lib/email/sendPasswordResetEmail.ts, frontend/lib/email/sendVerificationEmail.ts, frontend/lib/email/transporter.ts | Now source EMAIL_FROM, GMAIL_USER, and GMAIL_APP_PASSWORD via readServerEnv(...); existing validation and transport logic unchanged. |
| Shop status token / frontend/lib/shop/status-token.ts | SHOP_STATUS_TOKEN_SECRET is now retrieved via readServerEnv(...), preserving trim-and-throw-on-empty behavior. |
| Origin security / frontend/lib/security/origin.ts | Sourcing of APP_ORIGIN and APP_ADDITIONAL_ORIGINS moved to readServerEnv(...); origin parsing and 403 handling unchanged. |

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Suggested reviewers

  • AM1007
  • ViktorSvertoka
  • liudmylasovetovs

Poem

🐇 I sniffed the env and gave a hop,
No more direct reads that make me stop.
readServerEnv now leads the way,
Secrets and origins safe each day.
A little hop for runtime cheer — configs are clear!

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

| Check name | Status | Explanation | Resolution |
|---|---|---|---|
| Docstring Coverage | ⚠️ Warning | Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%. | Write docstrings for the functions missing them to satisfy the coverage threshold. |

✅ Passed checks (2 passed)

| Check name | Status | Explanation |
|---|---|---|
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |
| Title check | ✅ Passed | The title accurately summarizes the main change: migrating environment variable resolution from direct process.env reads to readServerEnv() to fix Netlify runtime issues, with specific focus on admin visibility and shop status token. |

@coderabbitai coderabbitai bot left a comment

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@frontend/lib/auth/admin.ts`:
- Line 35: The admin-flag parsing is inconsistent: assertAdminApiEnabled()
checks for exact 'true' while the layout path lowercases before comparing,
causing values like 'TRUE' to pass UI but fail the guard; fix by normalizing the
env value in one place and using it everywhere (e.g., add a helper like
isAdminApiEnabled() that calls readServerEnv('ENABLE_ADMIN_API'),
lowercases/trims the result and compares to 'true'), then update
assertAdminApiEnabled() and the layout check to call that helper so both UI and
guard use the same normalized logic.

📥 Commits

Reviewing files that changed from the base of the PR and between 6998f02 and c14a6a6.

📒 Files selected for processing (4)
  • frontend/app/[locale]/layout.tsx
  • frontend/lib/auth/admin.ts
  • frontend/lib/env/server-env.ts
  • frontend/lib/shop/status-token.ts
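
The allowlisted fallback from the PR description and the single normalized admin check proposed in the review comment above, as an added example that is not the project's code. The `*Sketch` function names, the `EnvSource` type, the explicit `live`/`generated` parameters (standing in for process.env and the generated RUNTIME_ENV) and the sample values are assumptions.

```typescript
// Added illustration; not the project's readServerEnv implementation.
type EnvSource = Record<string, string | undefined>;

// Keys the PR description lists as allowlisted for generated fallback.
const GENERATED_FALLBACK_KEYS: ReadonlySet<string> = new Set<string>([
  'ENABLE_ADMIN_API',
  'NEXT_PUBLIC_ENABLE_ADMIN',
  'SHOP_STATUS_TOKEN_SECRET',
]);

// Hypothetical resolver: the live env wins; the generated snapshot is read
// only for allowlisted keys, so other build-time values are never exposed.
function readServerEnvSketch(key: string, live: EnvSource, generated: EnvSource): string | undefined {
  const direct = live[key]?.trim();
  if (direct) return direct;
  if (!GENERATED_FALLBACK_KEYS.has(key)) return undefined;
  const fallback = generated[key]?.trim();
  return fallback ? fallback : undefined;
}

// One normalized check shared by the layout (UI) and the API guard,
// so 'TRUE' or ' true ' cannot show the admin link while the guard rejects.
function isAdminApiEnabled(live: EnvSource, generated: EnvSource): boolean {
  const raw = readServerEnvSketch('ENABLE_ADMIN_API', live, generated);
  return (raw ?? '').toLowerCase() === 'true';
}

// Guard fails closed: missing, empty or non-"true" values all reject.
function assertAdminApiEnabledSketch(live: EnvSource, generated: EnvSource): void {
  if (!isAdminApiEnabled(live, generated)) throw new Error('Admin API is disabled');
}

// Trim-and-throw-on-empty, as the walkthrough describes for the token secret.
function getStatusTokenSecretSketch(live: EnvSource, generated: EnvSource): string {
  const secret = readServerEnvSketch('SHOP_STATUS_TOKEN_SECRET', live, generated);
  if (!secret) throw new Error('SHOP_STATUS_TOKEN_SECRET is not configured');
  return secret;
}

// Constructed sample: a generated snapshot holding one key outside the allowlist.
const SAMPLE_GENERATED: EnvSource = {
  ENABLE_ADMIN_API: ' TRUE ',
  SHOP_STATUS_TOKEN_SECRET: 'constructed-secret',
  UNLISTED_KEY: 'must-not-resolve',
};
```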

@liudmylasovetovs liudmylasovetovs merged commit 977e53c into develop Mar 29, 2026
7 checks passed
@liudmylasovetovs liudmylasovetovs deleted the fix/redis-indent branch March 29, 2026 19:25