Update Docker Compose and backend settings; enhance Vite configuration for reverse proxy and improve API error handling. Removed VITE_ALLOWED_HOSTS from Docker Compose, clarified allowed hosts in settings.py, and added handling for 403 Forbidden responses in api.ts to clear invalid tokens.

2025-11-15 13:12:01 +00:00
parent efd5ea6b4f
commit 8d7210c8a6
4 changed files with 32 additions and 6 deletions
--- a/frontend/src/services/api.ts
+++ b/frontend/src/services/api.ts
@@ -140,6 +140,24 @@ export async function fetchAPI(endpoint: string, options?: RequestInit & { timeo
    // Read response body once (can only be consumed once)
    const text = await response.text();

+    // Handle 403 Forbidden with authentication error - clear invalid tokens
+    if (response.status === 403) {
+      try {
+        const errorData = text ? JSON.parse(text) : null;
+        // Check if it's an authentication credentials error
+        if (errorData?.detail?.includes('Authentication credentials') || 
+            errorData?.message?.includes('Authentication credentials') ||
+            errorData?.error?.includes('Authentication credentials')) {
+          // Token is invalid - clear auth state and force re-login
+          const { logout } = useAuthStore.getState();
+          logout();
+          // Don't throw here - let the error handling below show the error
+        }
+      } catch (e) {
+        // If parsing fails, continue with normal error handling
+      }
+    }
+
    // Handle 401 Unauthorized - try to refresh token
    if (response.status === 401) {
      const refreshToken = getRefreshToken();
@@ -197,8 +215,14 @@ export async function fetchAPI(endpoint: string, options?: RequestInit & { timeo
            }
          }
        } catch (refreshError) {
-          // Refresh failed, continue with original error handling
+          // Refresh failed, clear auth state and force re-login
+          const { logout } = useAuthStore.getState();
+          logout();
        }
+      } else {
+        // No refresh token available, clear auth state
+        const { logout } = useAuthStore.getState();
+        logout();
      }
    }

--- a/frontend/vite.config.ts
+++ b/frontend/vite.config.ts
@@ -179,12 +179,14 @@ export default defineConfig(({ mode, command }) => {
        usePolling: true, // Needed for file watching in Docker
      },
      hmr: {
-        // Behind reverse proxy - use same origin strategy
+        // Behind reverse proxy - explicitly set host and port to public domain
        // Client connects via public domain on default HTTPS port (443)
        // Caddy automatically proxies WebSocket upgrades from 443 to dev port
        protocol: "wss",
-        // Don't specify host/port - Vite will use same origin as page
-        // This ensures client connects to wss://domain.com (port 443 implicit)
+        host: isMarketingDev ? "igny8.com" : "app.igny8.com", // Marketing uses igny8.com, main app uses app.igny8.com
+        clientPort: 443, // Explicitly set to 443 (HTTPS default) to prevent localhost fallback
+        // This ensures client connects to wss://domain.com:443
+        // and prevents fallback to localhost:5173/5174
      },
      // Increase timeout for slow connections and dependency pre-bundling
      timeout: 120000, // 120 seconds (2 minutes) to match Caddy timeout