refactor: migrate web package from env to webEnv

brandonkachen · brandonkachen · commit 28221776517d · 2025-12-10T00:24:48.000-08:00
- Add ESLint rule to enforce webEnv import instead of env
- Replace all env imports with webEnv in 17 web files
- webEnv omits CODEBUFF_API_KEY for type-level security
diff --git a/web/.eslintrc.cjs b/web/.eslintrc.cjs
@@ -31,6 +31,20 @@ module.exports = {
         message: 'CODEBUFF_API_KEY is not allowed in web package. Users must provide their own API key via Authorization header.',
       },
     ],
+    // Enforce using webEnv instead of env in web package
+    // webEnv omits CODEBUFF_API_KEY for type-level protection
+    'no-restricted-imports': [
+      'error',
+      {
+        paths: [
+          {
+            name: '@codebuff/internal/env',
+            importNames: ['env'],
+            message: "Use 'webEnv' instead of 'env' in web package. webEnv omits CODEBUFF_API_KEY for security.",
+          },
+        ],
+      },
+    ],
   },
   settings: {
     tailwindcss: {
diff --git a/web/scripts/discord/register-commands.ts b/web/scripts/discord/register-commands.ts
@@ -1,4 +1,4 @@
-import { env } from '@codebuff/internal/env'
+import { webEnv } from '@codebuff/internal/env'
 import { REST, Routes, SlashCommandBuilder } from 'discord.js'
 
 import { logger } from '@/util/logger'
@@ -15,13 +15,13 @@ const commands = [
     ),
 ]
 
-const rest = new REST().setToken(env.DISCORD_BOT_TOKEN)
+const rest = new REST().setToken(webEnv.DISCORD_BOT_TOKEN)
 
 async function main() {
   try {
     logger.info('Started refreshing application (/) commands.')
 
-    await rest.put(Routes.applicationCommands(env.DISCORD_APPLICATION_ID), {
+    await rest.put(Routes.applicationCommands(webEnv.DISCORD_APPLICATION_ID), {
       body: commands,
     })
 
diff --git a/web/src/app/api/auth/[...nextauth]/auth-options.ts b/web/src/app/api/auth/[...nextauth]/auth-options.ts
@@ -8,7 +8,7 @@ import { generateCompactId } from '@codebuff/common/util/string'
 import { loops } from '@codebuff/internal'
 import db from '@codebuff/internal/db'
 import * as schema from '@codebuff/internal/db/schema'
-import { env } from '@codebuff/internal/env'
+import { webEnv } from '@codebuff/internal/env'
 import { stripeServer } from '@codebuff/internal/util/stripe'
 import { logSyncFailure } from '@codebuff/internal/util/sync-failure'
 import { eq } from 'drizzle-orm'
@@ -46,14 +46,14 @@ async function createAndLinkStripeCustomer(params: {
     // Create subscription with the usage price
     await stripeServer.subscriptions.create({
       customer: customer.id,
-      items: [{ price: env.STRIPE_USAGE_PRICE_ID }],
+      items: [{ price: webEnv.STRIPE_USAGE_PRICE_ID }],
     })
 
     await db
       .update(schema.user)
       .set({
         stripe_customer_id: customer.id,
-        stripe_price_id: env.STRIPE_USAGE_PRICE_ID,
+        stripe_price_id: webEnv.STRIPE_USAGE_PRICE_ID,
       })
       .where(eq(schema.user.id, userId))
 
@@ -137,8 +137,8 @@ export const authOptions: NextAuthOptions = {
   }) as Adapter,
   providers: [
     GitHubProvider({
-      clientId: env.CODEBUFF_GITHUB_ID,
-      clientSecret: env.CODEBUFF_GITHUB_SECRET,
+      clientId: webEnv.CODEBUFF_GITHUB_ID,
+      clientSecret: webEnv.CODEBUFF_GITHUB_SECRET,
     }),
   ],
   session: {
diff --git a/web/src/app/api/auth/cli/code/route.ts b/web/src/app/api/auth/cli/code/route.ts
@@ -1,7 +1,7 @@
 import { genAuthCode } from '@codebuff/common/util/credentials'
 import db from '@codebuff/internal/db'
 import * as schema from '@codebuff/internal/db/schema'
-import { env } from '@codebuff/internal/env'
+import { webEnv } from '@codebuff/internal/env'
 import { and, eq, gt } from 'drizzle-orm'
 import { NextResponse } from 'next/server'
 import { z } from 'zod/v4'
@@ -25,7 +25,7 @@ export async function POST(req: Request) {
     const fingerprintHash = genAuthCode(
       fingerprintId,
       expiresAt.toString(),
-      env.NEXTAUTH_SECRET,
+      webEnv.NEXTAUTH_SECRET,
     )
 
     // Check if this fingerprint has any active sessions
@@ -56,7 +56,7 @@ export async function POST(req: Request) {
     }
 
     // Generate login URL without modifying the fingerprint record
-    const loginUrl = `${env.NEXT_PUBLIC_CODEBUFF_APP_URL}/login?auth_code=${fingerprintId}.${expiresAt}.${fingerprintHash}${
+    const loginUrl = `${webEnv.NEXT_PUBLIC_CODEBUFF_APP_URL}/login?auth_code=${fingerprintId}.${expiresAt}.${fingerprintHash}${
       referralCode ? `&referral_code=${referralCode}` : ''
     }`
 
diff --git a/web/src/app/api/auth/cli/status/route.ts b/web/src/app/api/auth/cli/status/route.ts
@@ -1,7 +1,7 @@
 import { genAuthCode } from '@codebuff/common/util/credentials'
 import db from '@codebuff/internal/db'
 import * as schema from '@codebuff/internal/db/schema'
-import { env } from '@codebuff/internal/env'
+import { webEnv } from '@codebuff/internal/env'
 import { and, eq, gt, or, isNull } from 'drizzle-orm'
 import { NextResponse } from 'next/server'
 import { z } from 'zod/v4'
@@ -45,7 +45,7 @@ export async function GET(req: Request) {
   const expectedHash = genAuthCode(
     fingerprintId,
     expiresAt.toString(),
-    env.NEXTAUTH_SECRET,
+    webEnv.NEXTAUTH_SECRET,
   )
   if (fingerprintHash !== expectedHash) {
     logger.info(
diff --git a/web/src/app/api/orgs/[orgId]/billing/setup/route.ts b/web/src/app/api/orgs/[orgId]/billing/setup/route.ts
@@ -1,7 +1,7 @@
 import { pluralize } from '@codebuff/common/util/string'
 import db from '@codebuff/internal/db'
 import * as schema from '@codebuff/internal/db/schema'
-import { env } from '@codebuff/internal/env'
+import { webEnv } from '@codebuff/internal/env'
 import { stripeServer } from '@codebuff/internal/util/stripe'
 import { eq, and, sql } from 'drizzle-orm'
 import { NextResponse } from 'next/server'
@@ -190,13 +190,13 @@ export async function POST(req: NextRequest, { params }: RouteParams) {
       mode: 'subscription',
       line_items: [
         {
-          price: env.STRIPE_TEAM_FEE_PRICE_ID,
+          price: webEnv.STRIPE_TEAM_FEE_PRICE_ID,
           quantity: seatCount,
         },
       ],
       allow_promotion_codes: true,
-      success_url: `${env.NEXT_PUBLIC_CODEBUFF_APP_URL}/orgs/${organization.slug}/billing/purchase?subscription_success=true`,
-      cancel_url: `${env.NEXT_PUBLIC_CODEBUFF_APP_URL}/orgs/${organization.slug}?subscription_canceled=true`,
+      success_url: `${webEnv.NEXT_PUBLIC_CODEBUFF_APP_URL}/orgs/${organization.slug}/billing/purchase?subscription_success=true`,
+      cancel_url: `${webEnv.NEXT_PUBLIC_CODEBUFF_APP_URL}/orgs/${organization.slug}?subscription_canceled=true`,
       metadata: {
         organization_id: orgId,
         type: 'subscription_setup',
diff --git a/web/src/app/api/orgs/[orgId]/billing/status/route.ts b/web/src/app/api/orgs/[orgId]/billing/status/route.ts
@@ -1,6 +1,6 @@
 import db from '@codebuff/internal/db'
 import * as schema from '@codebuff/internal/db/schema'
-import { env } from '@codebuff/internal/env'
+import { webEnv } from '@codebuff/internal/env'
 import { stripeServer } from '@codebuff/internal/util/stripe'
 import { eq, and, sql } from 'drizzle-orm'
 import { NextResponse } from 'next/server'
@@ -76,7 +76,7 @@ export async function GET(req: NextRequest, { params }: RouteParams) {
         // Create billing portal session
         const portalSession = await stripeServer.billingPortal.sessions.create({
           customer: organization.stripe_customer_id,
-          return_url: `${env.NEXT_PUBLIC_CODEBUFF_APP_URL}/orgs/${organization.slug}/settings`,
+          return_url: `${webEnv.NEXT_PUBLIC_CODEBUFF_APP_URL}/orgs/${organization.slug}/settings`,
         })
         billingPortalUrl = portalSession.url
 
diff --git a/web/src/app/api/orgs/[orgId]/credits/route.ts b/web/src/app/api/orgs/[orgId]/credits/route.ts
@@ -3,7 +3,7 @@ import { CREDIT_PRICING } from '@codebuff/common/old-constants'
 import { generateCompactId } from '@codebuff/common/util/string'
 import db from '@codebuff/internal/db'
 import * as schema from '@codebuff/internal/db/schema'
-import { env } from '@codebuff/internal/env'
+import { webEnv } from '@codebuff/internal/env'
 import { stripeServer } from '@codebuff/internal/util/stripe'
 import { and, eq } from 'drizzle-orm'
 import { NextResponse } from 'next/server'
@@ -231,8 +231,8 @@ export async function POST(request: NextRequest, { params }: RouteParams) {
     }
 
     // Fall back to checkout session if direct charge failed or no valid payment method
-    const successUrl = `${env.NEXT_PUBLIC_CODEBUFF_APP_URL}/orgs/${organization.slug}?purchase_success=true`
-    const cancelUrl = `${env.NEXT_PUBLIC_CODEBUFF_APP_URL}/orgs/${organization.slug}?purchase_canceled=true`
+    const successUrl = `${webEnv.NEXT_PUBLIC_CODEBUFF_APP_URL}/orgs/${organization.slug}?purchase_success=true`
+    const cancelUrl = `${webEnv.NEXT_PUBLIC_CODEBUFF_APP_URL}/orgs/${organization.slug}?purchase_canceled=true`
 
     const checkoutSession = await stripeServer.checkout.sessions.create({
       payment_method_types: ['card', 'link'],
diff --git a/web/src/app/api/orgs/[orgId]/monitoring/route.ts b/web/src/app/api/orgs/[orgId]/monitoring/route.ts
@@ -1,7 +1,7 @@
 import { calculateOrganizationUsageAndBalance } from '@codebuff/billing'
 import db from '@codebuff/internal/db'
 import * as schema from '@codebuff/internal/db/schema'
-import { env } from '@codebuff/internal/env'
+import { webEnv } from '@codebuff/internal/env'
 import { eq, and, gte, sql } from 'drizzle-orm'
 import { NextResponse } from 'next/server'
 import { getServerSession } from 'next-auth'
@@ -143,7 +143,7 @@ export async function GET(
 
     // Get alerts count
     const alertsResponse = await fetch(
-      `${env.NEXT_PUBLIC_CODEBUFF_APP_URL}/api/orgs/${orgId}/alerts`,
+      `${webEnv.NEXT_PUBLIC_CODEBUFF_APP_URL}/api/orgs/${orgId}/alerts`,
       {
         headers: {
           Cookie: request.headers.get('Cookie') || '',
diff --git a/web/src/app/api/orgs/route.ts b/web/src/app/api/orgs/route.ts
@@ -1,6 +1,6 @@
 import db from '@codebuff/internal/db'
 import * as schema from '@codebuff/internal/db/schema'
-import { env } from '@codebuff/internal/env'
+import { webEnv } from '@codebuff/internal/env'
 import { stripeServer } from '@codebuff/internal/util/stripe'
 import { eq, and } from 'drizzle-orm'
 import { NextResponse } from 'next/server'
@@ -169,7 +169,7 @@ export async function POST(request: NextRequest) {
 
     // Create Stripe customer if needed
     let stripeCustomerId = null
-    if (env.STRIPE_SECRET_KEY) {
+    if (webEnv.STRIPE_SECRET_KEY) {
       try {
         const customer = await stripeServer.customers.create({
           name: newOrg.name,
diff --git a/web/src/app/api/stripe/buy-credits/route.ts b/web/src/app/api/stripe/buy-credits/route.ts
@@ -3,7 +3,7 @@ import { convertCreditsToUsdCents } from '@codebuff/common/util/currency'
 import { generateCompactId } from '@codebuff/common/util/string'
 import db from '@codebuff/internal/db'
 import * as schema from '@codebuff/internal/db/schema'
-import { env } from '@codebuff/internal/env'
+import { webEnv } from '@codebuff/internal/env'
 import { stripeServer } from '@codebuff/internal/util/stripe'
 import { eq } from 'drizzle-orm'
 import { NextResponse } from 'next/server'
@@ -177,8 +177,8 @@ export async function POST(req: NextRequest) {
         },
       ],
       mode: 'payment',
-      success_url: `${env.NEXT_PUBLIC_CODEBUFF_APP_URL}/payment-success?session_id={CHECKOUT_SESSION_ID}&purchase=credits&amt=${credits}`,
-      cancel_url: `${env.NEXT_PUBLIC_CODEBUFF_APP_URL}/usage?purchase_canceled=true`,
+      success_url: `${webEnv.NEXT_PUBLIC_CODEBUFF_APP_URL}/payment-success?session_id={CHECKOUT_SESSION_ID}&purchase=credits&amt=${credits}`,
+      cancel_url: `${webEnv.NEXT_PUBLIC_CODEBUFF_APP_URL}/usage?purchase_canceled=true`,
       metadata: {
         userId: userId,
         credits: credits.toString(),
diff --git a/web/src/app/api/stripe/webhook/route.ts b/web/src/app/api/stripe/webhook/route.ts
@@ -5,7 +5,7 @@ import {
 } from '@codebuff/billing'
 import db from '@codebuff/internal/db'
 import * as schema from '@codebuff/internal/db/schema'
-import { env } from '@codebuff/internal/env'
+import { webEnv } from '@codebuff/internal/env'
 import { stripeServer } from '@codebuff/internal/util/stripe'
 import { eq } from 'drizzle-orm'
 import { NextResponse } from 'next/server'
@@ -331,7 +331,7 @@ const webhookHandler = async (req: NextRequest): Promise<NextResponse> => {
     event = stripeServer.webhooks.constructEvent(
       buf,
       sig,
-      env.STRIPE_WEBHOOK_SECRET_KEY,
+      webEnv.STRIPE_WEBHOOK_SECRET_KEY,
     )
   } catch (err) {
     const error = err as Error
diff --git a/web/src/app/api/v1/chat/completions/__tests__/completions.test.ts b/web/src/app/api/v1/chat/completions/__tests__/completions.test.ts
@@ -1,4 +1,4 @@
-import { env } from '@codebuff/internal/env'
+import { webEnv } from '@codebuff/internal/env'
 import { afterEach, beforeEach, describe, expect, mock, it } from 'bun:test'
 import { NextRequest } from 'next/server'
 
diff --git a/web/src/app/api/v1/chat/completions/_post.ts b/web/src/app/api/v1/chat/completions/_post.ts
@@ -2,7 +2,7 @@ import { AnalyticsEvent } from '@codebuff/common/constants/analytics-events'
 import { BYOK_OPENROUTER_HEADER } from '@codebuff/common/constants/byok'
 import { getErrorObject } from '@codebuff/common/util/error'
 import { pluralize } from '@codebuff/common/util/string'
-import { env } from '@codebuff/internal/env'
+import { webEnv } from '@codebuff/internal/env'
 import { NextResponse } from 'next/server'
 
 import {
@@ -179,7 +179,7 @@ export async function postChatCompletions(params: {
       const resetCountdown = formatQuotaResetCountdown(nextQuotaReset)
       return NextResponse.json(
         {
-          message: `Out of credits. Please add credits at ${env.NEXT_PUBLIC_CODEBUFF_APP_URL}/usage. Your free credits reset ${resetCountdown}.`,
+          message: `Out of credits. Please add credits at ${webEnv.NEXT_PUBLIC_CODEBUFF_APP_URL}/usage. Your free credits reset ${resetCountdown}.`,
         },
         { status: 402 },
       )
diff --git a/web/src/app/onboard/page.tsx b/web/src/app/onboard/page.tsx
@@ -4,7 +4,7 @@ import { MAX_DATE } from '@codebuff/common/old-constants'
 import { genAuthCode } from '@codebuff/common/util/credentials'
 import { db } from '@codebuff/internal/db'
 import * as schema from '@codebuff/internal/db/schema'
-import { env } from '@codebuff/internal/env'
+import { webEnv } from '@codebuff/internal/env'
 import { and, eq, gt } from 'drizzle-orm'
 import { redirect } from 'next/navigation'
 import { getServerSession } from 'next-auth'
@@ -37,7 +37,7 @@ const Onboard = async ({ searchParams = {} }: PageProps) => {
   // Handle referral-only flow (no CLI auth required)
   if (!user) {
     console.log('🟢 Onboard Server: No user session, redirecting to app URL')
-    return redirect(env.NEXT_PUBLIC_CODEBUFF_APP_URL)
+    return redirect(webEnv.NEXT_PUBLIC_CODEBUFF_APP_URL)
   }
 
   // Handle all non-CLI flows (web users with or without referral codes)
@@ -84,7 +84,7 @@ const Onboard = async ({ searchParams = {} }: PageProps) => {
   const fingerprintHash = genAuthCode(
     fingerprintId,
     expiresAt,
-    env.NEXTAUTH_SECRET,
+    webEnv.NEXTAUTH_SECRET,
   )
   if (receivedfingerprintHash !== fingerprintHash) {
     return CardWithBeams({
@@ -174,7 +174,7 @@ const Onboard = async ({ searchParams = {} }: PageProps) => {
       content: (
         <p>
           Please try generating a new login code. If the problem persists,
-          contact {env.NEXT_PUBLIC_SUPPORT_EMAIL} for assistance.
+          contact {webEnv.NEXT_PUBLIC_SUPPORT_EMAIL} for assistance.
         </p>
       ),
     })
@@ -240,7 +240,7 @@ const Onboard = async ({ searchParams = {} }: PageProps) => {
     content: (
       <p>
         Not sure what happened with creating your user. Please try again and
-        reach out to {env.NEXT_PUBLIC_SUPPORT_EMAIL} if the problem persists.
+        reach out to {webEnv.NEXT_PUBLIC_SUPPORT_EMAIL} if the problem persists.
       </p>
     ),
   })
diff --git a/web/src/discord/client.ts b/web/src/discord/client.ts
@@ -1,6 +1,6 @@
 import db from '@codebuff/internal/db'
 import { user } from '@codebuff/internal/db/schema'
-import { env } from '@codebuff/internal/env'
+import { webEnv } from '@codebuff/internal/env'
 import { Client, Events, GatewayIntentBits } from 'discord.js'
 import { eq, or } from 'drizzle-orm'
 
@@ -95,7 +95,7 @@ export function startDiscordBot() {
           userRecord.discordId !== null
         ) {
           await command.reply({
-            content: `I couldn't link that email to your Discord account. Make sure you're using the correct email and that it isn't already linked to another Discord account. Contact ${env.NEXT_PUBLIC_SUPPORT_EMAIL} if you need help.`,
+            content: `I couldn't link that email to your Discord account. Make sure you're using the correct email and that it isn't already linked to another Discord account. Contact ${webEnv.NEXT_PUBLIC_SUPPORT_EMAIL} if you need help.`,
             ephemeral: true,
           })
           return
@@ -142,7 +142,7 @@ export function startDiscordBot() {
   })
 
   // Login to Discord
-  client.login(env.DISCORD_BOT_TOKEN).catch((error) => {
+  client.login(webEnv.DISCORD_BOT_TOKEN).catch((error) => {
     logger.error({ error }, 'Failed to start Discord bot')
   })
 
diff --git a/web/src/llm-api/openai.ts b/web/src/llm-api/openai.ts
@@ -1,4 +1,4 @@
-import { env } from '@codebuff/internal/env'
+import { webEnv } from '@codebuff/internal/env'
 
 import {
   consumeCreditsForMessage,
@@ -132,7 +132,7 @@ export async function handleOpenAINonStream({
   const response = await fetch('https://api.openai.com/v1/chat/completions', {
     method: 'POST',
     headers: {
-      Authorization: `Bearer ${env.OPENAI_API_KEY}`,
+      Authorization: `Bearer ${webEnv.OPENAI_API_KEY}`,
       'Content-Type': 'application/json',
     },
     body: JSON.stringify(openaiBody),
diff --git a/web/src/llm-api/openrouter.ts b/web/src/llm-api/openrouter.ts
@@ -1,5 +1,5 @@
 import { getErrorObject } from '@codebuff/common/util/error'
-import { env } from '@codebuff/internal/env'
+import { webEnv } from '@codebuff/internal/env'
 
 import {
   consumeCreditsForMessage,
@@ -26,7 +26,7 @@ function createOpenRouterRequest(params: {
   return fetch('https://openrouter.ai/api/v1/chat/completions', {
     method: 'POST',
     headers: {
-      Authorization: `Bearer ${openrouterApiKey ?? env.OPEN_ROUTER_API_KEY}`,
+      Authorization: `Bearer ${openrouterApiKey ?? webEnv.OPEN_ROUTER_API_KEY}`,
       'HTTP-Referer': 'https://codebuff.com',
       'X-Title': 'Codebuff',
       'Content-Type': 'application/json',
