@drmxrcy/tcg-config 0.0.0-202602060542

package/package.json

@@ -0,0 +1,30 @@
+{
+  "name": "@drmxrcy/tcg-config",
+  "version": "0.0.0-202602060542",
+  "private": false,
+  "main": "./src/index.ts",
+  "types": "./src/index.ts",
+  "files": [
+    "src/"
+  ],
+  "scripts": {
+    "typecheck": "tsc --noEmit",
+    "format": "bun x @biomejs/biome check --fix --max-diagnostics=none --diagnostic-level=error --linter-enabled=false ./src",
+    "lint": "bun x @biomejs/biome lint --write ./src",
+    "check-types": "tsc --noEmit"
+  },
+  "dependencies": {
+    "@t3-oss/env-core": "^0.11.1",
+    "zod": "^3.24.0"
+  },
+  "devDependencies": {
+    "@biomejs/biome": "2.3.11",
+    "@drmxrcy/tcg-typescript-config": "workspace:*",
+    "@types/node": "^22.15.30",
+    "typescript": "^5.8.3"
+  },
+  "exports": {
+    ".": "./src/index.ts",
+    "./auth": "./src/auth.ts"
+  }
+}

package/src/auth.ts

@@ -0,0 +1,95 @@
+import { createEnv } from "@t3-oss/env-core";
+import type { z } from "zod";
+import { authServerSchema } from "./schema";
+
+/**
+ * Auth Service environment validation using @t3-oss/env-core.
+ *
+ * This validates all auth service environment variables at startup and provides
+ * type-safe access throughout the application.
+ */
+
+/**
+ * Type of the validated environment object.
+ * Extracts the inferred type from the Zod schema.
+ */
+export type AuthEnv = z.infer<z.ZodObject<typeof authServerSchema>>;
+
+/**
+ * Validated environment object for Auth Service.
+ *
+ * Access environment variables like:
+ * - `authEnv.AUTH_DATABASE_URL`
+ * - `authEnv.AUTH_PORT`
+ * - `authEnv.AUTH_SECRET`
+ *
+ * All values are properly typed and validated.
+ */
+export const authEnv = createEnv({
+  isServer: true,
+  server: authServerSchema,
+  runtimeEnv: process.env,
+  emptyStringAsUndefined: true,
+});
+
+/**
+ * Parse environment variables from a custom runtime environment.
+ *
+ * Use this for embedded mode where environment variables
+ * come from a source other than process.env.
+ *
+ * @param runtimeEnv - Object containing environment variables
+ * @returns Validated environment object
+ *
+ * @example
+ * ```ts
+ * const parsed = parseAuthEnv({
+ *   AUTH_DATABASE_URL: 'postgres://...',
+ *   AUTH_SECRET: '...'
+ * });
+ * ```
+ */
+export function parseAuthEnv(
+  runtimeEnv: Record<string, string | undefined>,
+): AuthEnv {
+  return createEnv({
+    isServer: true,
+    server: authServerSchema,
+    runtimeEnv,
+    emptyStringAsUndefined: true,
+  });
+}
+
+/**
+ * Assert that the environment is valid.
+ *
+ * Throws an error if required environment variables are missing.
+ * Call this at application startup to fail fast.
+ *
+ * @returns The validated environment object
+ *
+ * @example
+ * ```ts
+ * if (process.env.NODE_ENV !== 'test') {
+ *   assertAuthEnv();
+ * }
+ * ```
+ */
+export function assertAuthEnv(): AuthEnv {
+  // Accessing authEnv will trigger validation
+  // If validation fails, createEnv throws an error
+  return authEnv;
+}
+
+/**
+ * Get an environment variable value with type safety.
+ *
+ * This is a convenience function for accessing individual variables.
+ * Prefer direct access via `authEnv.VARIABLE_NAME` for better IDE support.
+ *
+ * @param key - Environment variable name
+ * @returns The environment variable value
+ */
+export function getAuthEnv<K extends keyof AuthEnv>(key: K): AuthEnv[K] {
+  return authEnv[key];
+}

package/src/index.ts

@@ -0,0 +1,16 @@
+/**
+ * @drmxrcy/tcg-config - Environment configuration package
+ *
+ * Provides type-safe environment variable validation using Zod and @t3-oss/env-core.
+ */
+
+// Auth service environment exports
+export {
+  type AuthEnv,
+  assertAuthEnv,
+  authEnv,
+  getAuthEnv,
+  parseAuthEnv,
+} from "./auth";
+// Schema exports
+export * from "./schema";

package/src/schema.ts

@@ -0,0 +1,137 @@
+import { z } from "zod";
+
+/**
+ * Zod schemas for Auth Service environment variables.
+ * All auth-specific variables use AUTH_ prefix for clarity in multi-service deployments.
+ */
+
+// ============================================================================
+// Database
+// ============================================================================
+
+export const authDatabaseUrlSchema = z
+  .string()
+  .url({
+    message: "AUTH_DATABASE_URL must be a valid PostgreSQL connection string",
+  })
+  .describe("PostgreSQL connection string for auth database");
+
+// ============================================================================
+// Authentication (Better Auth)
+// ============================================================================
+
+export const authSecretSchema = z
+  .string()
+  .min(32, { message: "AUTH_SECRET must be at least 32 characters" })
+  .describe("Better Auth secret for session encryption");
+
+export const authDiscordClientIdSchema = z
+  .string()
+  .min(1)
+  .optional()
+  .describe("Discord OAuth client ID");
+
+export const authDiscordClientSecretSchema = z
+  .string()
+  .min(1)
+  .optional()
+  .describe("Discord OAuth client secret");
+
+// ============================================================================
+// Server Configuration
+// ============================================================================
+
+export const authPortSchema = z
+  .string()
+  .optional()
+  .default("3001")
+  .transform((val) => Number.parseInt(val, 10))
+  .pipe(
+    z
+      .number()
+      .int()
+      .min(1, { message: "AUTH_PORT must be at least 1" })
+      .max(65535, { message: "AUTH_PORT must be at most 65535" }),
+  )
+  .describe("Auth service port");
+
+export const authCorsOriginSchema = z
+  .string()
+  .optional()
+  .default("*")
+  .describe("CORS origin for auth service");
+
+export const authBaseUrlSchema = z
+  .string()
+  .url({ message: "AUTH_BASE_URL must be a valid URL" })
+  .optional()
+  .default("http://localhost:3001")
+  .describe("Base URL for auth service (used for JWT issuer/audience)");
+
+export const nodeEnvSchema = z
+  .enum(["development", "production", "test"])
+  .optional()
+  .default("development")
+  .describe("Node environment");
+
+// ============================================================================
+// Rate Limiting
+// ============================================================================
+
+const createRateLimitSchema = (defaultValue: string) =>
+  z
+    .string()
+    .optional()
+    .default(defaultValue)
+    .transform((val) => Number.parseInt(val, 10))
+    .pipe(
+      z
+        .number()
+        .int()
+        .min(1, { message: "Rate limit value must be at least 1" }),
+    );
+
+export const authRateLimitEnabledSchema = z
+  .enum(["true", "false"])
+  .optional()
+  .default("true")
+  .transform((val) => val !== "false")
+  .describe("Enable rate limiting");
+
+export const authRateLimitGlobalMaxSchema = createRateLimitSchema(
+  "200",
+).describe("Global requests per window");
+
+export const authRateLimitGlobalMaxAuthSchema = createRateLimitSchema(
+  "300",
+).describe("Global requests per window for authenticated users");
+
+export const authRateLimitAuthMaxSchema = createRateLimitSchema("10").describe(
+  "Auth endpoint requests per window",
+);
+
+// ============================================================================
+// Combined Schema for Auth Service
+// ============================================================================
+
+export const authServerSchema = {
+  // Database
+  AUTH_DATABASE_URL: authDatabaseUrlSchema,
+
+  // Authentication
+  AUTH_SECRET: authSecretSchema,
+  AUTH_DISCORD_CLIENT_ID: authDiscordClientIdSchema,
+  AUTH_DISCORD_CLIENT_SECRET: authDiscordClientSecretSchema,
+
+  // Server
+  AUTH_PORT: authPortSchema,
+  AUTH_CORS_ORIGIN: authCorsOriginSchema,
+  AUTH_BASE_URL: authBaseUrlSchema,
+  NODE_ENV: nodeEnvSchema,
+
+  // Rate Limiting
+  AUTH_RATE_LIMIT_ENABLED: authRateLimitEnabledSchema,
+  AUTH_RATE_LIMIT_GLOBAL_MAX: authRateLimitGlobalMaxSchema,
+  AUTH_RATE_LIMIT_GLOBAL_MAX_AUTH: authRateLimitGlobalMaxAuthSchema,
+  AUTH_RATE_LIMIT_AUTH_MAX: authRateLimitAuthMaxSchema,
+};