Skip to content

fix(stripe): correct Stripe secret key environment variable typo #4

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Draft
Yuankai619 wants to merge 1 commit into
base: demo
Choose a base branch
from
Draft

fix(stripe): correct Stripe secret key environment variable typo #4

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion app/api/checkout/payment/route.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -28,7 +28,7 @@ export async function POST(request: Request) {
return NextResponse.json({ error: 'Sorry, tickets are sold out.', code: 'SOLD_OUT' }, { status: 409 });
}

if (isMockKey(process.env.Stripe_CHANEL_SECRET)) {
if (isMockKey(process.env.Stripe_CHANNEL_SECRET || process.env.Stripe_CHANEL_SECRET)) {
Copy link
Copy Markdown

@gemini-code-assist gemini-code-assist Bot May 22, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

medium

The logic for retrieving the Stripe secret key (including the fallback for the legacy typo) is duplicated here and in lib/stripe.ts. This duplication increases the maintenance burden and the risk of future errors if the environment variable configuration changes again. Consider centralizing this lookup in lib/stripe.ts by exporting the key or a helper function to ensure consistency across the application.

const orderId = `NV2026-${Date.now().toString(36).toUpperCase()}`;
return NextResponse.json({
success: true,
Expand Down
2 changes: 1 addition & 1 deletion lib/stripe.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@ let _stripe: Stripe | null = null;

export function getStripe(): Stripe {
if (!_stripe) {
const stripeSecretKey = process.env.Stripe_CHANEL_SECRET;
const stripeSecretKey = process.env.Stripe_CHANNEL_SECRET || process.env.Stripe_CHANEL_SECRET;
Copy link
Copy Markdown

@gemini-code-assist gemini-code-assist Bot May 22, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

medium

While this change correctly addresses the typo and provides a fallback, the code still relies on a non-null assertion (!) on the following line. If neither environment variable is configured, the application will crash with a generic error from the Stripe library. It is better to explicitly validate the presence of the secret key and throw a descriptive error to improve observability and prevent runtime surprises, especially since this area was already identified as a source of production incidents.

Suggested change
const stripeSecretKey = process.env.Stripe_CHANNEL_SECRET || process.env.Stripe_CHANEL_SECRET;
const stripeSecretKey = process.env.Stripe_CHANNEL_SECRET || process.env.Stripe_CHANEL_SECRET;
if (!stripeSecretKey) {
throw new Error('Stripe secret key is missing. Please set Stripe_CHANNEL_SECRET.');
}

_stripe = new Stripe(stripeSecretKey!, {
apiVersion: '2026-03-25.dahlia',
});
Expand Down