super evil commit

2026-04-19 16:28:17 +00:00 · 2025-12-12 14:31:49 -05:00 · 2025-12-12 14:31:49 -05:00 · 245dcfb815
commit 245dcfb815
parent cc8d491e96
8 changed files with 117 additions and 3 deletions
--- a/backend/Gemfile
+++ b/backend/Gemfile
@ -17,6 +17,7 @@ gem 'rackup'
 gem 'puma', '~> 7.1'

 gem 'rack', '~> 3.2'
+gem 'rack-cors'

 gem 'omniauth'
 gem 'omniauth_openid_connect'
--- a/backend/Gemfile.lock
+++ b/backend/Gemfile.lock
@ -140,6 +140,9 @@ GEM
    puma (7.1.0)
      nio4r (~> 2.0)
    rack (3.2.4)
+    rack-cors (3.0.0)
+      logger
+      rack (>= 3.0.14)
    rack-oauth2 (2.3.0)
      activesupport
      attr_required
@ -188,6 +191,7 @@ DEPENDENCIES
  omniauth_openid_connect
  puma (~> 7.1)
  rack (~> 3.2)
+  rack-cors
  rack-session
  rackup
  zeitwerk (~> 2.6)
--- a/backend/config.ru
+++ b/backend/config.ru
@ -6,9 +6,20 @@ Dotenv.load
 require_relative 'boot'
 require 'grape'
 require 'rack/session'
+require 'rack/cors'
 require 'omniauth'
 require 'omniauth_openid_connect'

+use Rack::Cors do
+  allow do
+    origins ENV.fetch('FRONTEND_URL', 'http://localhost:5173')
+    resource '*',
+      headers: :any,
+      methods: [:get, :post, :put, :patch, :delete, :options, :head],
+      credentials: true
+  end
+end
+
 use Rack::Session::Cookie,
    key: 'stickers.session',
    secret: ENV.fetch('SESSION_SECRET'),
--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -9,12 +9,16 @@ services:
      - OIDC_CLIENT_ID
      - OIDC_CLIENT_SECRET
      - OIDC_REDIRECT_URI
+      - FRONTEND_URL=https://kks08kkcg88ckkcocwooc4ck.a.selfhosted.hackclub.com
+      - AIRTABLE_BASE_ID
+      - AIRTABLE_PAT

  frontend:
    build: .
    ports:
      - "3000:3000"
    environment:
-      - ORIGIN=https://stickers.hackclub.com
+      - ORIGIN=https://kks08kkcg88ckkcocwooc4ck.a.selfhosted.hackclub.com
+      - BACKEND_URL=http://backend:9292
    depends_on:
      - backend
--- a/src/lib/components/Navbar.svelte
+++ b/src/lib/components/Navbar.svelte
@ -41,7 +41,7 @@
        <a class="nav-link disabled">|Trade (soon)</a>
      </li>-->
      <li class="nav-item logout">
-        <a class="nav-link" href="http://localhost:9292/auth/logout">|Logout ⠀</a>
+        <a class="nav-link" href="/auth/logout">|Logout ⠀</a>
      </li>
    </ul>
    <span class="help-text">Made with &lt;3 by Nora and Euan</span>
--- a/src/routes/+page.svelte
+++ b/src/routes/+page.svelte
@ -4,7 +4,7 @@
  import Logo from '$lib/assets/images/hackClubLogo.png';

  function handleLogin() {
-    window.location.href = 'http://localhost:9292/auth/login';
+    window.location.href = '/auth/login';
  }
 </script>

--- a/src/routes/api/[...path]/+server.ts
+++ b/src/routes/api/[...path]/+server.ts
@ -0,0 +1,42 @@
+import { env } from '$env/dynamic/private';
+
+const backend = env.BACKEND_URL || 'http://localhost:9292';
+
+async function proxy({ request, params, cookies }: { request: Request; params: { path: string }; cookies: any }) {
+	const path = params.path || '';
+	const url = new URL(request.url);
+	const targetUrl = `${backend}/${path}${url.search}`;
+
+	const headers = new Headers(request.headers);
+	headers.delete('host');
+
+	const cookie = cookies.get('stickers.session');
+	if (cookie) {
+		headers.set('cookie', `stickers.session=${cookie}`);
+	}
+
+	const res = await fetch(targetUrl, {
+		method: request.method,
+		headers,
+		body: request.method !== 'GET' && request.method !== 'HEAD' ? await request.text() : undefined
+	});
+
+	const responseHeaders = new Headers(res.headers);
+	responseHeaders.delete('transfer-encoding');
+
+	const setCookie = res.headers.get('set-cookie');
+	if (setCookie) {
+		responseHeaders.set('set-cookie', setCookie);
+	}
+
+	return new Response(res.body, {
+		status: res.status,
+		headers: responseHeaders
+	});
+}
+
+export const GET = proxy;
+export const POST = proxy;
+export const PUT = proxy;
+export const PATCH = proxy;
+export const DELETE = proxy;
--- a/src/routes/auth/[...path]/+server.ts
+++ b/src/routes/auth/[...path]/+server.ts
@ -0,0 +1,52 @@
+import { env } from '$env/dynamic/private';
+import { redirect } from '@sveltejs/kit';
+
+const backend = env.BACKEND_URL || 'http://localhost:9292';
+
+async function proxy({ request, params, cookies }: { request: Request; params: { path: string }; cookies: any }) {
+	const path = params.path || '';
+	const url = new URL(request.url);
+	const targetUrl = `${backend}/auth/${path}${url.search}`;
+
+	const headers = new Headers(request.headers);
+	headers.delete('host');
+
+	const cookie = cookies.get('stickers.session');
+	if (cookie) {
+		headers.set('cookie', `stickers.session=${cookie}`);
+	}
+
+	const res = await fetch(targetUrl, {
+		method: request.method,
+		headers,
+		body: request.method !== 'GET' && request.method !== 'HEAD' ? await request.text() : undefined,
+		redirect: 'manual'
+	});
+
+	const setCookie = res.headers.get('set-cookie');
+	if (setCookie) {
+		const match = setCookie.match(/stickers\.session=([^;]+)/);
+		if (match) {
+			cookies.set('stickers.session', match[1], { path: '/', httpOnly: true, sameSite: 'lax', maxAge: 86400 * 7 });
+		}
+	}
+
+	if (res.status >= 300 && res.status < 400) {
+		const location = res.headers.get('location');
+		if (location) {
+			throw redirect(res.status as 301 | 302 | 303 | 307 | 308, location);
+		}
+	}
+
+	const responseHeaders = new Headers(res.headers);
+	responseHeaders.delete('transfer-encoding');
+	responseHeaders.delete('set-cookie');
+
+	return new Response(res.body, {
+		status: res.status,
+		headers: responseHeaders
+	});
+}
+
+export const GET = proxy;
+export const POST = proxy;