From eb28bb2bcadcb56e102e35917255c4a157533c65 Mon Sep 17 00:00:00 2001
From: oak <olaleyeaanuoluwapokay@gmail.com>
Date: Fri, 29 May 2026 22:19:01 +0100
Subject: [PATCH 1/2] fix: add STELLAR_HORIZON_URL to required env vars and
 optional-var warnings
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Closes #131

Changes:
- Add STELLAR_HORIZON_URL to the REQUIRED list in config/env.js
  (was present in .env.example and used by config/stellar.js but
  omitted from startup validation — a missing value caused a silent
  connection failure rather than a clear error on boot)

- Add startup warnings (stderr, not exit) for optional vars:
  - PLATFORM_APPROVER_USER_ID: warns that withdrawal approvals are
    open to all users when unset (dev mode)
  - JWT_EXPIRES_IN: warns that the code-level default (15m) is in
    effect, so operators know tokens are not perpetual

- Fix malformed comment in .env.example where the comment text for
  PLATFORM_APPROVER_USER_ID was accidentally merged with a section
  header; also comment-out the placeholder value so copying the file
  as-is doesn't accidentally set a zeroed-out UUID as the approver

Note: auth.js already sets expiresIn: process.env.JWT_EXPIRES_IN || '15m'
so no change is needed there — the default is already safe.
---
 backend/.env.example      |  4 ++--
 backend/src/config/env.js | 20 +++++++++++++++++++-
 2 files changed, 21 insertions(+), 3 deletions(-)

diff --git a/backend/.env.example b/backend/.env.example
index 2e2791a..125e807 100644
--- a/backend/.env.example
+++ b/backend/.env.example
@@ -35,8 +35,8 @@ PLATFORM_FEE_BPS=150
 # ALERT_WEBHOOK_URL=https://hooks.slack.com/services/...
 
 # Optional: UUID of the user who may approve/reject withdrawals as platform (JWT subject must match).
-# When unset, any logged-in user may call# Platform User for Approvals (Optional)
-PLATFORM_APPROVER_USER_ID=00000000-0000-0000-0000-000000000000
+# When unset, any logged-in user may call the withdrawal approval endpoints (dev mode only).
+# PLATFORM_APPROVER_USER_ID=00000000-0000-0000-0000-000000000000
 
 # Email Configuration
 EMAIL_FROM="CrowdPay" <noreply@crowdpay.local>
diff --git a/backend/src/config/env.js b/backend/src/config/env.js
index e18dbe5..1b7a6bb 100644
--- a/backend/src/config/env.js
+++ b/backend/src/config/env.js
@@ -1,6 +1,12 @@
 const { validateWalletSecretConfig } = require('../services/walletSecrets');
 
-const REQUIRED = ['JWT_SECRET', 'DATABASE_URL', 'PLATFORM_SECRET_KEY', 'STELLAR_NETWORK'];
+const REQUIRED = [
+  'DATABASE_URL',
+  'JWT_SECRET',
+  'PLATFORM_SECRET_KEY',
+  'STELLAR_NETWORK',
+  'STELLAR_HORIZON_URL',
+];
 const STORAGE_VARS = ['STORAGE_BUCKET', 'STORAGE_ENDPOINT'];
 
 function validateEnv() {
@@ -29,6 +35,18 @@ function validateEnv() {
     process.stderr.write(`\n[crowdpay] Cannot start: ${err.message}\n\n`);
     process.exit(1);
   }
+
+  // Warn about important optional variables
+  if (!process.env.PLATFORM_APPROVER_USER_ID) {
+    process.stderr.write(
+      '[crowdpay] Warning: PLATFORM_APPROVER_USER_ID not set — withdrawal approvals are open to all users (dev mode)\n'
+    );
+  }
+  if (!process.env.JWT_EXPIRES_IN) {
+    process.stderr.write(
+      '[crowdpay] Warning: JWT_EXPIRES_IN not set — access tokens will use the default expiry (15m)\n'
+    );
+  }
 }
 
 module.exports = { validateEnv };

From 4512c46a11353d127be65d77f6320da47fc57b0f Mon Sep 17 00:00:00 2001
From: oak <olaleyeaanuoluwapokay@gmail.com>
Date: Fri, 29 May 2026 22:24:02 +0100
Subject: [PATCH 2/2] ci: add STELLAR_HORIZON_URL to backend-checks and e2e
 test envs
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

STELLAR_HORIZON_URL was added to the REQUIRED list in config/env.js as
part of fix #131. The CI test jobs were not supplying this variable, so
validateEnv() would call process.exit(1) before any tests could run.

Add STELLAR_HORIZON_URL (testnet Horizon URL) to:
- backend-checks: Run test suite env block
- e2e: Run E2E tests env block (also adds the other required backend
  vars that were missing — JWT_SECRET, PLATFORM_SECRET_KEY,
  STELLAR_NETWORK — which would have caused the same exit on startup)
---
 .github/workflows/ci.yml | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index d5caa3f..0f5b1cb 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -50,6 +50,7 @@ jobs:
           JWT_SECRET: testsecret
           PLATFORM_SECRET_KEY: SCVMQUS5EMTHWBLJTE5XCSCMHB2ZOVKRR4ATVTRPUNRCOGKRENIL3LHR
           STELLAR_NETWORK: testnet
+          STELLAR_HORIZON_URL: https://horizon-testnet.stellar.org
           USDC_ISSUER: GBBD47IF6LWK7P7MDEVSCWR7DPUWV3NY3DTQEVFL4NAT4AQH3ZLLFLA5
           ENABLE_CAMPAIGN_STATUS_CRON: 'false'
         run: npm test
@@ -130,4 +131,8 @@ jobs:
         env:
           CI: true
           DATABASE_URL: postgresql://postgres:password@localhost:5433/crowdpay
+          JWT_SECRET: testsecret
+          PLATFORM_SECRET_KEY: SCVMQUS5EMTHWBLJTE5XCSCMHB2ZOVKRR4ATVTRPUNRCOGKRENIL3LHR
+          STELLAR_NETWORK: testnet
+          STELLAR_HORIZON_URL: https://horizon-testnet.stellar.org
         run: npm run test:e2e