fix: resolve frontend env variable mismatch and improve password error handling

[unsiqasik]

Summary

Fixes two frontend issues:

Frontend env variable mismatch (Issue #276)

• Problem: reads but defines
• Fix: Updated to check both variables with fallback:

  const envUrl = import.meta.env.VITE_BACKEND_URL || import.meta.env.VITE_API_URL;

• Impact: Local development now works with either variable name

Password handling error (Issue #253)

• Problem: Supabase raw error shown to users: Password should contain at least one character of each: abcdefghijklmnopqrstuvwxyz, ABCDEFGHIJKLMNOPQRSTUVWXYZ, 0123456789.
• Fix: Added user-friendly error message:
  Password must contain at least: 8 characters, one uppercase letter (A-Z), one lowercase letter (a-z), and one number (0-9).
• Impact: Clear, actionable password requirements for users

Testing

• Verified and both work
• Password error message displays correctly for invalid passwords

Closes #276, Closes #253

Summary by CodeRabbit

Bug Fixes

• Enhanced error messaging during signup to display clearer, user-friendly password validation feedback, helping users better understand specific requirements.

[vercel]

Someone is attempting to deploy a commit to the ritesh Team on Vercel.

A member of the Team first needs to authorize it.

[coderabbitai]

📝 Walkthrough

Walkthrough

This PR addresses two distinct bugs: environment variable mismatch in backend URL configuration that prevents local development, and inconsistent Supabase password validation error messaging in signup forms. Changes standardize environment variable handling and normalize password constraint errors.

Changes

Bug fixes for environment configuration and signup error handling

Layer / File(s)	Summary
Backend URL environment variable compatibility Frontend/src/config.js	getBackendUrl now checks both VITE_BACKEND_URL and legacy VITE_API_URL environment variables, enabling backward compatibility while supporting new configuration naming. Default production fallback and URL normalization unchanged.
Password validation error message normalization Frontend/src/pages/Signup.jsx	Signup error handler detects Supabase password requirement validation phrases and consolidates them into a single standardized message for better user clarity.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~5 minutes

Poem

🐰 A rabbit squared configs with care,
Dual variables now find their pair,
Then tamed password errors wild,
Made signup messages user-friendly styled! ✨

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The PR title clearly summarizes both main changes: fixing the environment variable mismatch and improving password error handling, directly matching the changeset objectives.
Linked Issues check	✅ Passed	The PR addresses both linked issues: #276 is resolved by making config.js check both VITE_BACKEND_URL and VITE_API_URL variables, and #253 is resolved by normalizing Supabase password validation errors to user-friendly messages in Signup.jsx.
Out of Scope Changes check	✅ Passed	All changes are within scope: config.js modification directly addresses #276, and Signup.jsx changes directly address #253; no unrelated modifications detected.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

Warning

There were issues while running some tools. Please review the errors and either fix the tool's configuration or disable the tool if it's a critical failure.

🔧 ESLint

If the error stems from missing dependencies, add them to the package.json file. For unrecoverable errors (e.g., due to private dependencies), disable the tool in the CodeRabbit configuration.

ESLint skipped: no ESLint configuration detected in root package.json. To enable, add eslint to devDependencies.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (1)

Frontend/src/pages/Signup.jsx (1)

172-172: ⚡ Quick win

Consider case-insensitive error message matching.

The error detection uses case-sensitive includes() which could miss variations in casing. Using toLowerCase() would make the detection more robust.

♻️ Proposed fix for case-insensitive matching

-      if (errMsg.includes("Password should contain") || errMsg.includes("at least one character")) {
+      if (errMsg.toLowerCase().includes("password should contain") || errMsg.toLowerCase().includes("at least one character")) {
         errMsg = "Password must contain at least: 8 characters, one uppercase letter (A-Z), one lowercase letter (a-z), and one number (0-9).";
       }

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@Frontend/src/pages/Signup.jsx` at line 172, The error check in Signup.jsx
uses case-sensitive includes on errMsg which can miss differently-cased
messages; update the condition that references errMsg to perform
case-insensitive matching by normalizing errMsg to lowercase (e.g., use (errMsg
|| "").toLowerCase()) and compare against lowercase substrings for both checks
("password should contain" and "at least one character"), replacing the existing
includes calls in the if condition.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Nitpick comments:
In `@Frontend/src/pages/Signup.jsx`:
- Line 172: The error check in Signup.jsx uses case-sensitive includes on errMsg
which can miss differently-cased messages; update the condition that references
errMsg to perform case-insensitive matching by normalizing errMsg to lowercase
(e.g., use (errMsg || "").toLowerCase()) and compare against lowercase
substrings for both checks ("password should contain" and "at least one
character"), replacing the existing includes calls in the if condition.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 9f24ee73-0180-49f8-9574-9ebf34f65cc8

📥 Commits

Reviewing files that changed from the base of the PR and between fb6a950 and b5d1e9f.

📒 Files selected for processing (2)

• Frontend/src/config.js
• Frontend/src/pages/Signup.jsx

[gitguardian]

⚠️ GitGuardian has uncovered 1 secret following the scan of your pull request.

Please consider investigating the findings and remediating the incidents. Failure to do so may lead to compromising the associated services or software components.

Since your pull request originates from a forked repository, GitGuardian is not able to associate the secrets uncovered with secret incidents on your GitGuardian dashboard.
Skipping this check run and merging your pull request will create secret incidents on your GitGuardian dashboard.

🔎 Detected hardcoded secret in your pull request

GitGuardian id	GitGuardian status	Secret	Commit	Filename
29368972	Triggered	Supabase Service Role JWT	b460068	scratch/test_companies.js	View secret

🛠 Guidelines to remediate hardcoded secrets

1. Understand the implications of revoking this secret by investigating where it is used in your code.
2. Replace and store your secret safely. Learn here the best practices.
3. Revoke and rotate this secret.
4. If possible, rewrite git history. Rewriting git history is not a trivial act. You might completely break other contributing developers' workflow and you risk accidentally deleting legitimate data.

To avoid such incidents in the future consider

• following these best practices for managing and storing secrets including API keys and other credentials
• install secret detection on pre-commit to catch secret before it leaves your machine and ease remediation.

---

^{🦉 GitGuardian detects secrets in your source code to help developers and security teams secure the modern development process. You are seeing this because you or someone else with access to this repository has authorized GitGuardian to scan your pull request.}

[ritesh-1918]

Hi @unsiqasik! Thanks for the contribution. I have successfully converted your PR's target branch to gssoc to keep our codebase unified.

PR approved and merged! Welcome to the family! 🚀💻

---

🌟 Developer Action Network

Before starting or submitting updates, please complete these quick onboarding steps:

1. ⭐ Star this repository: https://github.com/ritesh-1918/HELPDESK.AI
2. 👤 Follow the Project Admin: https://github.com/ritesh-1918
3. 💼 Connect on LinkedIn: https://www.linkedin.com/in/ritesh1908/

Note: All PR branches must target the gssoc branch, NOT main.