veza/scripts/validate-env.sh

#!/bin/bash
# =============================================================================
# Environment Variables Validation Script (TASK-QA-009)
# =============================================================================
# Validates required environment variables for Veza development.
# See docs/ENV_VARIABLES.md for full reference.
#
# Usage:
#   ./scripts/validate-env.sh [environment]
#   environment: development (default), production, test
#
# Can be run before make dev or integrated in make doctor.
# =============================================================================

set -e

ENVIRONMENT=${1:-development}
ROOT="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)"
cd "$ROOT"

RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
NC='\033[0m'

check_var() {
    local var_name=$1
    local required=$2
    local value="${!var_name}"

    if [ -z "$value" ]; then
        if [ "$required" = "required" ]; then
            echo -e "  ${RED}✗ ${var_name} (required, not set)${NC}"
            return 1
        else
            echo -e "  ${YELLOW}○ ${var_name} (optional, not set)${NC}"
            return 0
        fi
    else
        echo -e "  ${GREEN}✓ ${var_name}${NC}"
        return 0
    fi
}

echo ""
echo "🔍 Environment validation (${ENVIRONMENT})"
echo "   Ref: docs/ENV_VARIABLES.md"
echo ""

ERRORS=0

# Load .env if present (optional)
if [ -f .env ]; then
    set -a
    source .env
    set +a
fi

echo "Required variables:"
check_var "DATABASE_URL" "required" || ERRORS=$((ERRORS + 1))
check_var "REDIS_URL" "required" || ERRORS=$((ERRORS + 1))

# JWT: either RS256 keys OR JWT_SECRET (dev fallback)
JWT_PRIVATE=$(printenv JWT_PRIVATE_KEY_PATH 2>/dev/null || true)
JWT_PUBLIC=$(printenv JWT_PUBLIC_KEY_PATH 2>/dev/null || true)
JWT_SECRET=$(printenv JWT_SECRET 2>/dev/null || true)
if [ -n "$JWT_PRIVATE" ] && [ -n "$JWT_PUBLIC" ]; then
    echo -e "  ${GREEN}✓ JWT (RS256: keys configured)${NC}"
elif [ -n "$JWT_SECRET" ] && [ ${#JWT_SECRET} -ge 32 ]; then
    echo -e "  ${GREEN}✓ JWT (HS256 fallback, min 32 chars)${NC}"
else
    echo -e "  ${RED}✗ JWT_PRIVATE_KEY_PATH + JWT_PUBLIC_KEY_PATH, or JWT_SECRET (min 32 chars)${NC}"
    ERRORS=$((ERRORS + 1))
fi

echo ""
echo "Optional (development):"
check_var "CORS_ALLOWED_ORIGINS" "optional"
check_var "FRONTEND_URL" "optional"

if [ "$ENVIRONMENT" = "production" ]; then
    echo ""
    echo "Production-specific:"
    check_var "CORS_ALLOWED_ORIGINS" "required" || ERRORS=$((ERRORS + 1))
fi

echo ""
if [ $ERRORS -eq 0 ]; then
    echo -e "${GREEN}✓ Validation passed.${NC}"
    exit 0
else
    echo -e "${RED}✗ Validation failed ($ERRORS error(s)).${NC}"
    echo "  See docs/ENV_VARIABLES.md and .env.example"
    exit 1
fi
v0.9.3 2026-03-05 18:35:57 +00:00			`#!/bin/bash`
			`# =============================================================================`
			`# Environment Variables Validation Script (TASK-QA-009)`
			`# =============================================================================`
			`# Validates required environment variables for Veza development.`
			`# See docs/ENV_VARIABLES.md for full reference.`
			`#`
			`# Usage:`
			`# ./scripts/validate-env.sh [environment]`
			`# environment: development (default), production, test`
			`#`
			`# Can be run before make dev or integrated in make doctor.`
			`# =============================================================================`

			`set -e`

			`ENVIRONMENT=${1:-development}`
			`ROOT="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)"`
			`cd "$ROOT"`

			`RED='\033[0;31m'`
			`GREEN='\033[0;32m'`
			`YELLOW='\033[1;33m'`
			`NC='\033[0m'`

			`check_var() {`
			`local var_name=$1`
			`local required=$2`
			`local value="${!var_name}"`

			`if [ -z "$value" ]; then`
			`if [ "$required" = "required" ]; then`
			`echo -e " ${RED}✗ ${var_name} (required, not set)${NC}"`
			`return 1`
			`else`
			`echo -e " ${YELLOW}○ ${var_name} (optional, not set)${NC}"`
			`return 0`
			`fi`
			`else`
			`echo -e " ${GREEN}✓ ${var_name}${NC}"`
			`return 0`
			`fi`
			`}`

			`echo ""`
			`echo "🔍 Environment validation (${ENVIRONMENT})"`
			`echo " Ref: docs/ENV_VARIABLES.md"`
			`echo ""`

			`ERRORS=0`

			`# Load .env if present (optional)`
			`if [ -f .env ]; then`
			`set -a`
			`source .env`
			`set +a`
			`fi`

			`echo "Required variables:"`
			`check_var "DATABASE_URL" "required" \|\| ERRORS=$((ERRORS + 1))`
			`check_var "REDIS_URL" "required" \|\| ERRORS=$((ERRORS + 1))`

			`# JWT: either RS256 keys OR JWT_SECRET (dev fallback)`
			`JWT_PRIVATE=$(printenv JWT_PRIVATE_KEY_PATH 2>/dev/null \|\| true)`
			`JWT_PUBLIC=$(printenv JWT_PUBLIC_KEY_PATH 2>/dev/null \|\| true)`
			`JWT_SECRET=$(printenv JWT_SECRET 2>/dev/null \|\| true)`
			`if [ -n "$JWT_PRIVATE" ] && [ -n "$JWT_PUBLIC" ]; then`
			`echo -e " ${GREEN}✓ JWT (RS256: keys configured)${NC}"`
			`elif [ -n "$JWT_SECRET" ] && [ ${#JWT_SECRET} -ge 32 ]; then`
			`echo -e " ${GREEN}✓ JWT (HS256 fallback, min 32 chars)${NC}"`
			`else`
			`echo -e " ${RED}✗ JWT_PRIVATE_KEY_PATH + JWT_PUBLIC_KEY_PATH, or JWT_SECRET (min 32 chars)${NC}"`
			`ERRORS=$((ERRORS + 1))`
			`fi`

			`echo ""`
			`echo "Optional (development):"`
			`check_var "CORS_ALLOWED_ORIGINS" "optional"`
			`check_var "FRONTEND_URL" "optional"`

			`if [ "$ENVIRONMENT" = "production" ]; then`
			`echo ""`
			`echo "Production-specific:"`
			`check_var "CORS_ALLOWED_ORIGINS" "required" \|\| ERRORS=$((ERRORS + 1))`
			`fi`

			`echo ""`
			`if [ $ERRORS -eq 0 ]; then`
			`echo -e "${GREEN}✓ Validation passed.${NC}"`
			`exit 0`
			`else`
			`echo -e "${RED}✗ Validation failed ($ERRORS error(s)).${NC}"`
			`echo " See docs/ENV_VARIABLES.md and .env.example"`
			`exit 1`
			`fi`