fix(#338): Standardize API base URL and auth mechanism across components
- Create centralized config module (apps/web/src/lib/config.ts) exporting: - API_BASE_URL: Main API server URL from NEXT_PUBLIC_API_URL - ORCHESTRATOR_URL: Orchestrator service URL from NEXT_PUBLIC_ORCHESTRATOR_URL - Helper functions for building full URLs - Update client.ts to import from central config - Update LoginButton.tsx to use API_BASE_URL from config - Update useWebSocket.ts to use API_BASE_URL from config - Update AgentStatusWidget.tsx to use ORCHESTRATOR_URL from config - Update TaskProgressWidget.tsx to use ORCHESTRATOR_URL from config - Update useGraphData.ts to use API_BASE_URL from config - Fixed wrong default port (was 8000, now uses correct 3001) - Add comprehensive tests for config module - Update useWebSocket tests to properly mock config module Refs #338 Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
This commit is contained in:
Jason Woltje
@@ -315,15 +315,23 @@ describe("useWebSocket", (): void => {
|
||||
describe("WSS enforcement", (): void => {
|
||||
afterEach((): void => {
|
||||
vi.unstubAllEnvs();
|
||||
vi.resetModules();
|
||||
});
|
||||
|
||||
it("should warn when using ws:// in production", (): void => {
|
||||
it("should warn when using ws:// in production", async (): Promise<void> => {
|
||||
const consoleWarnSpy = vi.spyOn(console, "warn").mockImplementation(() => undefined);
|
||||
|
||||
vi.stubEnv("NODE_ENV", "production");
|
||||
vi.stubEnv("NEXT_PUBLIC_API_URL", "http://insecure-server.com");
|
||||
|
||||
renderHook(() => useWebSocket("workspace-123", "token"));
|
||||
// Mock the config module to return insecure URL
|
||||
vi.doMock("@/lib/config", () => ({
|
||||
API_BASE_URL: "http://insecure-server.com",
|
||||
}));
|
||||
|
||||
// Re-import to get fresh module with mocked config
|
||||
const { useWebSocket: useWebSocketMocked } = await import("./useWebSocket");
|
||||
|
||||
renderHook(() => useWebSocketMocked("workspace-123", "token"));
|
||||
|
||||
expect(consoleWarnSpy).toHaveBeenCalledWith(expect.stringContaining("[Security Warning]"));
|
||||
expect(consoleWarnSpy).toHaveBeenCalledWith(expect.stringContaining("insecure protocol"));
|
||||
@@ -331,39 +339,60 @@ describe("useWebSocket", (): void => {
|
||||
consoleWarnSpy.mockRestore();
|
||||
});
|
||||
|
||||
it("should not warn when using https:// in production", (): void => {
|
||||
it("should not warn when using https:// in production", async (): Promise<void> => {
|
||||
const consoleWarnSpy = vi.spyOn(console, "warn").mockImplementation(() => undefined);
|
||||
|
||||
vi.stubEnv("NODE_ENV", "production");
|
||||
vi.stubEnv("NEXT_PUBLIC_API_URL", "https://secure-server.com");
|
||||
|
||||
renderHook(() => useWebSocket("workspace-123", "token"));
|
||||
// Mock the config module to return secure URL
|
||||
vi.doMock("@/lib/config", () => ({
|
||||
API_BASE_URL: "https://secure-server.com",
|
||||
}));
|
||||
|
||||
// Re-import to get fresh module with mocked config
|
||||
const { useWebSocket: useWebSocketMocked } = await import("./useWebSocket");
|
||||
|
||||
renderHook(() => useWebSocketMocked("workspace-123", "token"));
|
||||
|
||||
expect(consoleWarnSpy).not.toHaveBeenCalled();
|
||||
|
||||
consoleWarnSpy.mockRestore();
|
||||
});
|
||||
|
||||
it("should not warn when using wss:// in production", (): void => {
|
||||
it("should not warn when using wss:// in production", async (): Promise<void> => {
|
||||
const consoleWarnSpy = vi.spyOn(console, "warn").mockImplementation(() => undefined);
|
||||
|
||||
vi.stubEnv("NODE_ENV", "production");
|
||||
vi.stubEnv("NEXT_PUBLIC_API_URL", "wss://secure-server.com");
|
||||
|
||||
renderHook(() => useWebSocket("workspace-123", "token"));
|
||||
// Mock the config module to return secure WSS URL
|
||||
vi.doMock("@/lib/config", () => ({
|
||||
API_BASE_URL: "wss://secure-server.com",
|
||||
}));
|
||||
|
||||
// Re-import to get fresh module with mocked config
|
||||
const { useWebSocket: useWebSocketMocked } = await import("./useWebSocket");
|
||||
|
||||
renderHook(() => useWebSocketMocked("workspace-123", "token"));
|
||||
|
||||
expect(consoleWarnSpy).not.toHaveBeenCalled();
|
||||
|
||||
consoleWarnSpy.mockRestore();
|
||||
});
|
||||
|
||||
it("should not warn in development mode even with http://", (): void => {
|
||||
it("should not warn in development mode even with http://", async (): Promise<void> => {
|
||||
const consoleWarnSpy = vi.spyOn(console, "warn").mockImplementation(() => undefined);
|
||||
|
||||
vi.stubEnv("NODE_ENV", "development");
|
||||
vi.stubEnv("NEXT_PUBLIC_API_URL", "http://localhost:3001");
|
||||
|
||||
renderHook(() => useWebSocket("workspace-123", "token"));
|
||||
// Mock the config module to return insecure URL (but we're in dev mode)
|
||||
vi.doMock("@/lib/config", () => ({
|
||||
API_BASE_URL: "http://localhost:3001",
|
||||
}));
|
||||
|
||||
// Re-import to get fresh module with mocked config
|
||||
const { useWebSocket: useWebSocketMocked } = await import("./useWebSocket");
|
||||
|
||||
renderHook(() => useWebSocketMocked("workspace-123", "token"));
|
||||
|
||||
expect(consoleWarnSpy).not.toHaveBeenCalled();
|
||||
|
||||
|
||||
Reference in New Issue
Block a user