fixes OWASP#2124: Refactored environment variable handling from credentials.ts to env.server.ts and env.client.ts (OWASP#2125)

Abhaysoft-inc · arkid15r · Dishant1804 · commit 63d94e80d9f2 · 2025-09-06T18:48:32.000+05:30
* splitted env vars into env.client and env.server and updated the imports

* removed credentials.ts

* Update code

---------

Co-authored-by: Arkadii Yakovets &lt;arkadii.yakovets@owasp.org&gt;
diff --git a/frontend/__tests__/unit/components/CardDetailsPage.test.tsx b/frontend/__tests__/unit/components/CardDetailsPage.test.tsx
@@ -68,7 +68,7 @@ jest.mock('@fortawesome/react-fontawesome', () => ({
   }) => <span data-testid={`icon-${icon.iconName}`} className={className} {...props} />,
 }))
 
-jest.mock('utils/credentials', () => ({
+jest.mock('utils/env.client', () => ({
   IS_PROJECT_HEALTH_ENABLED: true,
 }))
 
diff --git a/frontend/__tests__/unit/components/Footer.test.tsx b/frontend/__tests__/unit/components/Footer.test.tsx
@@ -95,7 +95,7 @@ jest.mock('utils/constants', () => ({
   ],
 }))
 
-jest.mock('utils/credentials', () => ({
+jest.mock('utils/env.client', () => ({
   ENVIRONMENT: 'production',
   RELEASE_VERSION: '1.2.3',
 }))
diff --git a/frontend/__tests__/unit/pages/Login.test.tsx b/frontend/__tests__/unit/pages/Login.test.tsx
@@ -15,8 +15,8 @@ jest.mock('next/navigation', () => ({
 jest.mock('@heroui/toast', () => ({
   addToast: jest.fn(),
 }))
-jest.mock('utils/credentials', () => ({
-  isGithubAuthEnabled: jest.fn(() => true),
+jest.mock('utils/env.server', () => ({
+  IS_GITHUB_AUTH_ENABLED: true,
 }))
 describe('LoginPage', () => {
   const pushMock = jest.fn()
diff --git a/frontend/next.config.ts b/frontend/next.config.ts
@@ -1,6 +1,6 @@
 import { withSentryConfig } from '@sentry/nextjs'
 import type { NextConfig } from 'next'
-import { SENTRY_AUTH_TOKEN } from 'utils/credentials'
+import { SENTRY_AUTH_TOKEN } from 'utils/env.server'
 
 const isLocal = process.env.NEXT_PUBLIC_ENVIRONMENT === 'local'
 
diff --git a/frontend/src/app/api/auth/[...nextauth]/route.ts b/frontend/src/app/api/auth/[...nextauth]/route.ts
@@ -3,7 +3,7 @@ import GitHubProvider from 'next-auth/providers/github'
 import { apolloClient } from 'server/apolloClient'
 import { IS_PROJECT_LEADER_QUERY, IS_MENTOR_QUERY } from 'server/queries/mentorshipQueries'
 import { ExtendedProfile, ExtendedSession } from 'types/auth'
-import { isGithubAuthEnabled } from 'utils/credentials'
+import { IS_GITHUB_AUTH_ENABLED } from 'utils/env.server'
 
 async function checkIfProjectLeader(login: string): Promise<boolean> {
   try {
@@ -35,7 +35,7 @@ async function checkIfMentor(login: string): Promise<boolean> {
 
 const providers = []
 
-if (isGithubAuthEnabled()) {
+if (IS_GITHUB_AUTH_ENABLED) {
   providers.push(
     GitHubProvider({
       clientId: process.env.NEXT_SERVER_GITHUB_CLIENT_ID,
diff --git a/frontend/src/app/auth/login/page.tsx b/frontend/src/app/auth/login/page.tsx
@@ -1,6 +1,6 @@
-import { isGithubAuthEnabled } from 'utils/credentials'
+import { IS_GITHUB_AUTH_ENABLED } from 'utils/env.server'
 import LoginPageContent from 'components/LoginPageContent'
 
 export default function LoginPage() {
-  return <LoginPageContent isGitHubAuthEnabled={isGithubAuthEnabled()} />
+  return <LoginPageContent isGitHubAuthEnabled={IS_GITHUB_AUTH_ENABLED} />
 }
diff --git a/frontend/src/app/layout.tsx b/frontend/src/app/layout.tsx
@@ -3,7 +3,8 @@ import type { Metadata } from 'next'
 import { Geist, Geist_Mono } from 'next/font/google'
 import React from 'react'
 import { Providers } from 'wrappers/provider'
-import { GTM_ID, isGithubAuthEnabled } from 'utils/credentials'
+import { GTM_ID } from 'utils/env.client'
+import { IS_GITHUB_AUTH_ENABLED } from 'utils/env.server'
 import AutoScrollToTop from 'components/AutoScrollToTop'
 import BreadCrumbs from 'components/BreadCrumbs'
 import Footer from 'components/Footer'
@@ -69,7 +70,7 @@ export default function RootLayout({
       >
         <Providers>
           <AutoScrollToTop />
-          <Header isGitHubAuthEnabled={isGithubAuthEnabled()} />
+          <Header isGitHubAuthEnabled={IS_GITHUB_AUTH_ENABLED} />
           <BreadCrumbs />
           {children}
           <Footer />
diff --git a/frontend/src/app/projects/dashboard/layout.tsx b/frontend/src/app/projects/dashboard/layout.tsx
@@ -1,14 +1,14 @@
 import { notFound } from 'next/navigation'
 import React from 'react'
-import { isGithubAuthEnabled } from 'utils/credentials'
+import { IS_GITHUB_AUTH_ENABLED } from 'utils/env.server'
 import DashboardWrapper from 'components/DashboardWrapper'
 import FontLoaderWrapper from 'components/FontLoaderWrapper'
 import ProjectsDashboardNavBar from 'components/ProjectsDashboardNavBar'
 
 const ProjectsHealthDashboardLayout: React.FC<{ readonly children: React.ReactNode }> = ({
   children,
 }) => {
-  if (!isGithubAuthEnabled()) {
+  if (!IS_GITHUB_AUTH_ENABLED) {
     notFound()
   }
   return (
diff --git a/frontend/src/app/settings/api-keys/layout.tsx b/frontend/src/app/settings/api-keys/layout.tsx
@@ -1,10 +1,10 @@
 import { notFound, redirect } from 'next/navigation'
 import { getServerSession } from 'next-auth'
 import React from 'react'
-import { isGithubAuthEnabled } from 'utils/credentials'
+import { IS_GITHUB_AUTH_ENABLED } from 'utils/env.server'
 
 export default async function ApiKeysLayout({ children }: Readonly<{ children: React.ReactNode }>) {
-  if (!isGithubAuthEnabled()) {
+  if (!IS_GITHUB_AUTH_ENABLED) {
     notFound()
   }
   const session = await getServerSession()
diff --git a/frontend/src/components/CardDetailsPage.tsx b/frontend/src/components/CardDetailsPage.tsx
@@ -14,7 +14,7 @@ import { useRouter } from 'next/navigation'
 import { useSession } from 'next-auth/react'
 import type { ExtendedSession } from 'types/auth'
 import type { DetailsCardProps } from 'types/card'
-import { IS_PROJECT_HEALTH_ENABLED } from 'utils/credentials'
+import { IS_PROJECT_HEALTH_ENABLED } from 'utils/env.client'
 import { scrollToAnchor } from 'utils/scrollToAnchor'
 import { getSocialIcon } from 'utils/urlIconMappings'
 import AnchorTitle from 'components/AnchorTitle'
@@ -87,7 +87,7 @@ const DetailsCard = ({
               ) && (
                 <button
                   type="button"
-                  className="flex items-center justify-center gap-2 text-nowrap rounded-md border border-[#0D6EFD] bg-transparent px-2 py-2 text-[#0D6EFD] text-blue-600 transition-all hover:bg-[#0D6EFD] hover:text-white dark:border-sky-600 dark:text-sky-600 dark:hover:bg-sky-100"
+                  className="flex items-center justify-center gap-2 text-nowrap rounded-md border border-[#0D6EFD] bg-transparent px-2 py-2 text-[#0D6EFD] transition-all hover:bg-[#0D6EFD] hover:text-white dark:border-sky-600 dark:text-sky-600 dark:hover:bg-sky-100"
                   onClick={() => {
                     router.push(`${window.location.pathname}/edit`)
                   }}
diff --git a/frontend/src/components/Footer.tsx b/frontend/src/components/Footer.tsx
@@ -7,7 +7,7 @@ import { useState, useCallback } from 'react'
 import type { Section } from 'types/section'
 import { footerIcons } from 'utils/constants'
 import { footerSections } from 'utils/constants'
-import { ENVIRONMENT, RELEASE_VERSION } from 'utils/credentials'
+import { ENVIRONMENT, RELEASE_VERSION } from 'utils/env.client'
 
 export default function Footer() {
   // State to keep track of the open section in the footer
diff --git a/frontend/src/instrumentation-client.ts b/frontend/src/instrumentation-client.ts
@@ -1,5 +1,5 @@
 import * as Sentry from '@sentry/nextjs'
-import { ENVIRONMENT, RELEASE_VERSION, SENTRY_DSN } from 'utils/credentials'
+import { ENVIRONMENT, RELEASE_VERSION, SENTRY_DSN } from 'utils/env.client'
 
 Sentry.init({
   debug: false,
diff --git a/frontend/src/sentry.server.config.ts b/frontend/src/sentry.server.config.ts
@@ -1,5 +1,5 @@
 import * as Sentry from '@sentry/nextjs'
-import { SENTRY_DSN, ENVIRONMENT, RELEASE_VERSION } from 'utils/credentials'
+import { SENTRY_DSN, ENVIRONMENT, RELEASE_VERSION } from 'utils/env.client'
 
 Sentry.init({
   dsn: SENTRY_DSN || '',
diff --git a/frontend/src/server/fetchAlgoliaData.ts b/frontend/src/server/fetchAlgoliaData.ts
@@ -1,6 +1,6 @@
 import { AppError } from 'app/global-error'
 import type { AlgoliaResponse } from 'types/algolia'
-import { IDX_URL } from 'utils/credentials'
+import { IDX_URL } from 'utils/env.client'
 import { getCsrfToken } from 'utils/utility'
 
 export const fetchAlgoliaData = async <T>(
diff --git a/frontend/src/server/fetchCsrfToken.ts b/frontend/src/server/fetchCsrfToken.ts
@@ -1,5 +1,5 @@
 import { AppError } from 'app/global-error'
-import { CSRF_URL } from 'utils/credentials'
+import { CSRF_URL } from 'utils/env.client'
 
 export const fetchCsrfToken = async (): Promise<string> => {
   try {
diff --git a/frontend/src/server/fetchMetricsPDF.ts b/frontend/src/server/fetchMetricsPDF.ts
@@ -1,5 +1,5 @@
 import { handleAppError } from 'app/global-error'
-import { API_URL } from 'utils/credentials'
+import { API_URL } from 'utils/env.client'
 
 export const fetchMetricsPDF = async (path: string, fileName: string): Promise<void> => {
   const response = await fetch(`${API_URL}owasp/project-health-metrics/${path}`, {
diff --git a/frontend/src/utils/env.client.ts b/frontend/src/utils/env.client.ts
@@ -6,13 +6,5 @@ export const GTM_ID = process.env.NEXT_PUBLIC_GTM_ID
 export const IDX_URL = process.env.NEXT_PUBLIC_IDX_URL
 export const IS_PROJECT_HEALTH_ENABLED =
   process.env.NEXT_PUBLIC_IS_PROJECT_HEALTH_ENABLED === 'true'
-export const NEXTAUTH_URL = process.env.NEXTAUTH_URL
 export const RELEASE_VERSION = process.env.NEXT_PUBLIC_RELEASE_VERSION
-export const SENTRY_AUTH_TOKEN = process.env.NEXT_SENTRY_AUTH_TOKEN
 export const SENTRY_DSN = process.env.NEXT_PUBLIC_SENTRY_DSN
-
-export function isGithubAuthEnabled() {
-  return Boolean(
-    process.env.NEXT_SERVER_GITHUB_CLIENT_ID && process.env.NEXT_SERVER_GITHUB_CLIENT_SECRET
-  )
-}
diff --git a/frontend/src/utils/env.server.ts b/frontend/src/utils/env.server.ts
@@ -0,0 +1,6 @@
+export const GITHUB_CLIENT_ID = process.env.NEXT_SERVER_GITHUB_CLIENT_ID!
+export const GITHUB_CLIENT_SECRET = process.env.NEXT_SERVER_GITHUB_CLIENT_SECRET!
+export const NEXTAUTH_URL = process.env.NEXTAUTH_URL
+export const SENTRY_AUTH_TOKEN = process.env.NEXT_SENTRY_AUTH_TOKEN
+
+export const IS_GITHUB_AUTH_ENABLED = Boolean(GITHUB_CLIENT_ID && GITHUB_CLIENT_SECRET)
diff --git a/frontend/src/utils/helpers/apolloClient.ts b/frontend/src/utils/helpers/apolloClient.ts
@@ -1,7 +1,7 @@
 import { ApolloClient, createHttpLink, InMemoryCache } from '@apollo/client'
 import { setContext } from '@apollo/client/link/context'
 import { AppError, handleAppError } from 'app/global-error'
-import { GRAPHQL_URL } from 'utils/credentials'
+import { GRAPHQL_URL } from 'utils/env.client'
 import { getCsrfToken } from 'utils/utility'
 const createApolloClient = () => {
   if (!GRAPHQL_URL) {

Original file line number	Diff line number	Diff line change
`@@ -1,6 +1,6 @@`
`1`		`-import { isGithubAuthEnabled } from 'utils/credentials'`
	`1`	`+import { IS_GITHUB_AUTH_ENABLED } from 'utils/env.server'`
`2`	`2`	`import LoginPageContent from 'components/LoginPageContent'`
`3`	`3`
`4`	`4`	`export default function LoginPage() {`
`5`		`- return <LoginPageContent isGitHubAuthEnabled={isGithubAuthEnabled()} />`
	`5`	`+ return <LoginPageContent isGitHubAuthEnabled={IS_GITHUB_AUTH_ENABLED} />`
`6`	`6`	`}`