From 3351d740583302bb1c84c6ea99e6d880a173a67d Mon Sep 17 00:00:00 2001
From: Paperclip <noreply@paperclip.ing>
Date: Tue, 14 Apr 2026 16:03:37 +0000
Subject: [PATCH 1/2] fix: add startup validation to auth service config

- Add DATABASE_URL validation after BETTER_AUTH_SECRET check
- Warn clearly when DATABASE_URL is not set (uses localhost default)
- Move pool declaration after validation blocks

Co-Authored-By: Paperclip <noreply@paperclip.ing>
---
 auth/src/auth.ts | 18 ++++++++++++------
 1 file changed, 12 insertions(+), 6 deletions(-)

diff --git a/auth/src/auth.ts b/auth/src/auth.ts
index b1e0e1b..202802c 100644
--- a/auth/src/auth.ts
+++ b/auth/src/auth.ts
@@ -4,17 +4,23 @@ import pg from "pg";
 
 const { Pool } = pg;
 
-const pool = new Pool({
-  connectionString:
-    process.env.DATABASE_URL ??
-    "postgresql://cartsnitch:cartsnitch@localhost:5432/cartsnitch",
-});
-
 const secret = process.env.BETTER_AUTH_SECRET;
 if (!secret) {
   throw new Error("BETTER_AUTH_SECRET environment variable is required");
 }
 
+const databaseUrl = process.env.DATABASE_URL;
+if (!databaseUrl) {
+  console.warn(
+    "WARNING: DATABASE_URL is not set — using default localhost connection. " +
+    "Set DATABASE_URL for production deployments."
+  );
+}
+
+const pool = new Pool({
+  connectionString: databaseUrl ?? "postgresql://cartsnitch:cartsnitch@localhost:5432/cartsnitch",
+});
+
 export const auth = betterAuth({
   database: pool,
   basePath: "/auth",

From a53daddb9a9a0ff7f91bdca8c1588d836e0804cb Mon Sep 17 00:00:00 2001
From: Barcode Betty <barcode-betty@paperclip.ing>
Date: Tue, 14 Apr 2026 16:09:48 +0000
Subject: [PATCH 2/2] fix: update vite to resolve high-severity audit
 vulnerability

---
 package-lock.json | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index a56c4d4..709106e 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -9805,9 +9805,9 @@
       }
     },
     "node_modules/vite": {
-      "version": "6.4.1",
-      "resolved": "https://registry.npmjs.org/vite/-/vite-6.4.1.tgz",
-      "integrity": "sha512-+Oxm7q9hDoLMyJOYfUYBuHQo+dkAloi33apOPP56pzj+vsdJDzr+j1NISE5pyaAuKL4A3UD34qd0lx5+kfKp2g==",
+      "version": "6.4.2",
+      "resolved": "https://registry.npmjs.org/vite/-/vite-6.4.2.tgz",
+      "integrity": "sha512-2N/55r4JDJ4gdrCvGgINMy+HH3iRpNIz8K6SFwVsA+JbQScLiC+clmAxBgwiSPgcG9U15QmvqCGWzMbqda5zGQ==",
       "devOptional": true,
       "license": "MIT",
       "dependencies": {