feat(api): add SCREENSHOT_API_SECRET to environment and use it in screenshot requests

[B-a-l-aj-i]

Summary by CodeRabbit

• Security
  • Server and background screenshot requests now include an Authorization bearer token to the external screenshot service.
  • New required server environment variable SCREENSHOT_API_SECRET added; example environment file and build/task environment lists updated.
  • Request/response handling and endpoint behavior remain unchanged aside from authentication.

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
recollect	Ready	Preview	Apr 1, 2026 8:34am

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

Run ID: e4caf6d9-68ed-47b3-a292-ecea0abc2967

📥 Commits

Reviewing files that changed from the base of the PR and between bd7dd05 and 975e38a.

📒 Files selected for processing (1)

• .env.example

✅ Files skipped from review due to trivial changes (1)

• .env.example

---

📝 Walkthrough

Walkthrough

Adds a required server env var SCREENSHOT_API_SECRET and uses it to send Authorization: Bearer <secret> on outbound requests to the external screenshot service from server endpoints and worker code.

Changes

Cohort / File(s)	Summary
Env schema & example src/env/server.ts, .env.example	Added SCREENSHOT_API_SECRET to server runtime validation and example env file.
Pages API (legacy routes) src/pages/api/bookmark/add-url-screenshot.ts, src/pages/api/v1/screenshot.ts	Axios/fetch outbound calls to the screenshot service now include Authorization: Bearer ${env.SCREENSHOT_API_SECRET}.
App router API (new routes) src/app/api/v2/bookmark/add-url-screenshot/route.ts, src/app/api/v2/screenshot/route.ts	Fetch calls to the screenshot service updated to include Authorization: Bearer ${env.SCREENSHOT_API_SECRET} header.
Tooling config turbo.json	Added SCREENSHOT_API_SECRET to the build:next task environment variable list.

Sequence Diagram(s)

(omitted)

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Suggested reviewers

• navin-moorthy

Poem

🐰 I found a secret, tucked and sweet,
A Bearer token snug and neat,
Headers hop on every call,
Screenshots safe — I guard them all,
Little paws, big netted feat.

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately describes the main change: adding SCREENSHOT_API_SECRET to environment configuration and using it in screenshot requests, which aligns with the changeset.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch feat/screenshot-api-secret

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@src/env/server.ts`:
- Line 18: Add a placeholder for SCREENSHOT_API_SECRET to the .env.example
SECURITY section so local startups don't fail; update the SECURITY block to
include an entry like SCREENSHOT_API_SECRET=<placeholder> with a short comment
describing its purpose (e.g., "API secret for screenshot service") so developers
know to set it before running code that reads SCREENSHOT_API_SECRET from
src/env/server.ts.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

Run ID: fabe01f0-c0a2-44f9-97e4-86bb7ebd8668

📥 Commits

Reviewing files that changed from the base of the PR and between b608655 and e9ce3f5.

📒 Files selected for processing (3)

• src/env/server.ts
• src/pages/api/bookmark/add-url-screenshot.ts
• src/pages/api/v1/screenshot.ts

[B-a-l-aj-i]

In port 3001 screenshot api is running, the screenshot api need's a secret to process request.

recollect-screenshot-test-secret-1774858670375.mp4

Note: Need to update vercel env after merging.

[navin-moorthy]

Also need to change in V2 endpoints

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In @.env.example:
- Line 99: The file `.env.example` is missing a trailing newline after the last
entry `SCREENSHOT_API_SECRET=your-screenshot-api-secret`; open `.env.example`
and add a single newline character (blank line) at EOF so the file ends with a
trailing newline to satisfy dotenv-linter.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

Run ID: 5d9c16bd-d689-4365-a18c-f85318de32d1

📥 Commits

Reviewing files that changed from the base of the PR and between e9ce3f5 and bd7dd05.

📒 Files selected for processing (5)

• .env.example
• src/app/api/v2/bookmark/add-url-screenshot/route.ts
• src/app/api/v2/screenshot/route.ts
• src/pages/api/v1/screenshot.ts
• turbo.json

✅ Files skipped from review due to trivial changes (2)

• src/pages/api/v1/screenshot.ts
• turbo.json