Backdoor Token Helper
@lib/backdoorToken/BackdoorToken.ts provides a guarded escape hatch that can reset a specific token’s usage record after it has been consumed. It exists for QA/demo flows where you need to reuse the same NFT without minting/burning every time.
How It Works
- Environment flags (
BACKDOOR_TOKEN,TOKEN_ID,BACKDOOR_ADDRESS) describe which token/address pair is eligible. /api/form-submission-gatecallsscheduleTokenReset(tokenId, address, reqId)after marking the token as used.- The helper validates inputs via shared Zod schemas, ensures the configured token/address match, and in production requires
BACKDOOR_ADDRESSto be set. - It loads the appropriate Prisma delegate and flips the
used,usedBy, andusedAtfields back to the unused state.
await scheduleTokenReset(42, '0xabc...', requestId);- In development, logs include loud emoji-prefixed messages indicating whether the backdoor was activated.
- In production, all messaging is intentionally vague (“Special handling activated”) so the feature can stay hidden.
⚠️
The helper is opt-in. If BACKDOOR_TOKEN or TOKEN_ID are missing, or the caller address doesn’t match, it simply returns without touching the database. Never enable it in production unless you truly need a reset mechanism and understand the security implications.
Environment Flags (server.env)
| Key | Description |
|---|---|
BACKDOOR_TOKEN | Master switch (true/false) |
TOKEN_ID | Numeric token ID that may be reset |
BACKDOOR_ADDRESS | Optional; required when NODE_ENV=production |