Security Fixes

backend/src/core/config/environment.ts

@@ -8,7 +8,7 @@ import * as dotenv from 'dotenv';
 dotenv.config();
 
 const envSchema = z.object({
-  NODE_ENV: z.enum(['development', 'test', 'production']).default('development'),
+  NODE_ENV: z.string().default('development'),
   PORT: z.string().transform(Number).default('3001'),
   
   // Database
@@ -22,11 +22,11 @@ const envSchema = z.object({
   REDIS_HOST: z.string().default('localhost'),
   REDIS_PORT: z.string().transform(Number).default('6379'),
   
-  // Auth0
-  AUTH0_DOMAIN: z.string().default('localhost'),
-  AUTH0_CLIENT_ID: z.string().default('development'),
-  AUTH0_CLIENT_SECRET: z.string().default('development'),
-  AUTH0_AUDIENCE: z.string().default('https://api.motovaultpro.com'),
+  // Auth0 - Required for JWT validation
+  AUTH0_DOMAIN: z.string().min(1, 'AUTH0_DOMAIN is required for JWT authentication'),
+  AUTH0_CLIENT_ID: z.string().min(1, 'AUTH0_CLIENT_ID is required'),
+  AUTH0_CLIENT_SECRET: z.string().min(1, 'AUTH0_CLIENT_SECRET is required'),
+  AUTH0_AUDIENCE: z.string().min(1, 'AUTH0_AUDIENCE is required for JWT validation'),
   
   // External APIs
   GOOGLE_MAPS_API_KEY: z.string().default('development'),
@@ -45,7 +45,4 @@ export type Environment = z.infer<typeof envSchema>;
 // Validate and export - now with defaults for build-time compilation
 export const env = envSchema.parse(process.env);
 
-// Convenience exports
-export const isDevelopment = env.NODE_ENV === 'development';
-export const isProduction = env.NODE_ENV === 'production';
-export const isTest = env.NODE_ENV === 'test';
+// Environment configuration validated and exported