rzmk/learnhouse
1
0
Fork 0
mirror of https://github.com/rzmk/learnhouse.git synced 2025-12-18 11:59:26 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

feat: implement domain isolation system with API response sanitizer and interceptor scripts

Browse source
This commit is contained in:
WhiteX 2025-06-14 01:18:04 +03:00 committed by rzmk
parent 9bbcb58c79
commit 98b833c8ba
7 changed files with 322 additions and 233 deletions
Download patch file Download diff file Expand all files Collapse all files

240
Dockerfile_coolify
View file

@ -82,6 +82,11 @@ RUN if [ -f pnpm-lock.yaml ]; then \
RUN mkdir -p /app/web/public/images && \
echo "iVBORw0KGgoAAAANSUhEUgAAADAAAAAwCAYAAABXAvmHAAAABmJLR0QA/wD/AP+gvaeTAAADc0lEQVRoge2ZS0hUURjHf2fGcSaViDSJoKKSoiAzaGE9VrXIjRZBm2hVRG2iB0SPVUW7IM0ehLWIdlYQQY+FipWZWj0siJ60ygiziGye8870cWfuPJ1774yO9v/g4pz7+L7z/b/vnnvuOQMtWrT4lxH/OkHQWlpfqdedlo5T49wl1V9eclXkSLCtXeGDNvL5AFwoaa0CXhX0Qdpup8L7ddeiFNlL9gJLbOMCuOWkPXfSGvFvLWlLgAceUwFccdIGnbRG/HuB0x66KcBxJ21RmbsGOA/oveTx75YjwJMKthFgk5N2DICTNiJ8tmnGNdc7acNeOW3jw062J/Cu2HAKmOmkDQggpXxnGy4A9rhpRw5vZBJQWrEYs1qclECn/ekuYIHLbsSN+0CldLZhvQtnaQ7uEVXXgRNSytlCyhe28XrgdgMmcUWpdJr/5CRErbQe2GQbv6CUej0+Pl5XDD/UXQMKdVhpx4AO4KpS6pVdJ6X8KIR4YhveAOxvyGyOKDUBwKuXFxXwAdghhLhn1wkh7hGsEVv9DF4pTsmIMnz6M3mAZUqpm1LKjN1HSvm8XC5fsY0vBY7OH2p0pGJMtwExgA3AGSnlErvO5/M9EkI8tw3vALY3alSVT8mINhznfSNm3wFb/g+0ULIGNQ3a7wZ6hRDdNl1BKbVfCPHWNn4A2Duz2cwCLUMa9GnB7/evklKuUEq9K5VK72dmZsrVtKVSaSkwB3gqhPjmdW4t0DIkzuQdWnGMrvMZdFQxNniMrgDvMrDdQXcAOBTFtypp6SsZkDMg40DGOMZ0+ON0A1uBJNAP9ETxbwhaNgETZkUlwLqI/o1By1YgbdRfBvZE9G8MWnYAl4z664DvX/AJA1qeNupHgb1R/BuDlgfR923AL8w7HImwA2vpNRq/MO9wJMIOLKRH4x4GOqP4NwYt0/b5Y8DhiP6NQcvzRv0VYF8U/8agZR+Qwpw/tkfxbwxa7gLOovn9wN4o/g1By7TZWag+hzQctHwe7T2EudJrCUJDy3NgqGVIg/4RsMUFeYeWwE2rDoxhLvMqbAeOT/fkzYGJsNORT4tn+HzAHvSHAe0I4W7ZMA5cLBaLw+l0Op/L5Ubz+fw787ex6bpbNLuUT6Ct7Z4QYgnQabQV0BMuhxDilVKqh/8gYLO02q92i/8sPwESO6wpKl0UfgAAAABJRU5ErkJggg==" | base64 -d > /app/web/public/images/empty_avatar.png
# Copy domain isolation scripts to public directory
COPY ./extra/api-interceptor.js /app/web/public/api-interceptor.js
COPY ./extra/api-response-sanitizer.js /app/web/public/api-response-sanitizer.js
COPY ./extra/domain-isolation-loader.js /app/web/public/domain-isolation-loader.js
# Final image
FROM base AS runner
RUN addgroup --system --gid 1001 system \
@ -110,234 +115,15 @@ WORKDIR /app
COPY ./extra/nginx.conf /etc/nginx/conf.d/default.conf
ENV PORT=80 LEARNHOUSE_PORT=9000 HOSTNAME=0.0.0.0
COPY ./extra/start.sh /app/start.sh
RUN chmod +x /app/start.sh
COPY ./extra/runtime-config-start.sh /app/runtime-config-start.sh
# Add runtime configuration and enhanced patching
RUN echo '#!/bin/bash\n\
echo "Generating runtime configuration..."\n\
mkdir -p /app/web/public\n\
# Copy domain isolation loader to public folder\n\
cp /app/web/public/domain-isolation-loader.js /app/web/public/ 2>/dev/null || echo "Domain isolation loader not found in source, generating it..."\n\
# Generate runtime config\n\
cat > /app/web/public/runtime-config.js << EOF\n\
window.RUNTIME_CONFIG = {\n\
LEARNHOUSE_API_URL: "${NEXT_PUBLIC_LEARNHOUSE_API_URL:-}",\n\
LEARNHOUSE_BACKEND_URL: "${NEXT_PUBLIC_LEARNHOUSE_BACKEND_URL:-}",\n\
LEARNHOUSE_DOMAIN: "${NEXT_PUBLIC_LEARNHOUSE_DOMAIN:-}",\n\
LEARNHOUSE_DEFAULT_ORG: "${NEXT_PUBLIC_LEARNHOUSE_DEFAULT_ORG:-default}",\n\
LEARNHOUSE_MULTI_ORG: "${NEXT_PUBLIC_LEARNHOUSE_MULTI_ORG:-false}",\n\
LEARNHOUSE_TOP_DOMAIN: "${NEXT_PUBLIC_LEARNHOUSE_TOP_DOMAIN:-}"\n\
}\n\
EOF\n\
\n\
echo "Runtime configuration generated successfully"\n\
\n\
# Create an enhanced utility script to override all network requests with domain isolation\n\
cat > /app/web/public/api-interceptor.js << EOF\n\
(function() {\n\
// Get the current domain\n\
const currentDomain = window.location.hostname;\n\
console.log("[Domain Isolation] Current domain:", currentDomain);\n\
\n\
// Check if RUNTIME_CONFIG is available\n\
if (!window.RUNTIME_CONFIG) {\n\
console.warn("[Domain Isolation] Runtime config not found, creating empty one.");\n\
window.RUNTIME_CONFIG = {};\n\
}\n\
\n\
// Store the domain info globally\n\
window.LEARNHOUSE_DOMAIN = currentDomain;\n\
\n\
// 1. Intercept fetch API\n\
const originalFetch = window.fetch;\n\
window.fetch = function(url, options) {\n\
if (typeof url === "string") {\n\
try {\n\
// Handle both absolute and relative URLs\n\
const urlObj = new URL(url, window.location.origin);\n\
const targetDomain = urlObj.hostname;\n\
\n\
// If URL has a different domain than current domain, rewrite it\n\
if (targetDomain !== currentDomain) {\n\
// Allow external APIs like umami\n\
if (targetDomain.includes('api-gateway.umami.dev')) {\n\
return originalFetch(url, options);\n\
}\n\
\n\
console.warn("[Domain Isolation] Redirecting request to current domain:", url);\n\
const newUrl = url.replace(/https?:\\/\\/[^\\/]+/, window.location.origin);\n\
console.log("[Domain Isolation] New URL:", newUrl);\n\
return originalFetch(newUrl, options);\n\
}\n\
} catch (e) {\n\
console.error("[Domain Isolation] Error processing URL:", e);\n\
}\n\
}\n\
return originalFetch(url, options);\n\
};\n\
\n\
// 2. Intercept XMLHttpRequest\n\
const originalXHROpen = XMLHttpRequest.prototype.open;\n\
XMLHttpRequest.prototype.open = function(method, url, ...rest) {\n\
if (typeof url === "string") {\n\
try {\n\
const urlObj = new URL(url, window.location.origin);\n\
const targetDomain = urlObj.hostname;\n\
\n\
if (targetDomain !== currentDomain) {\n\
// Allow external APIs\n\
if (targetDomain.includes('api-gateway.umami.dev')) {\n\
return originalXHROpen.call(this, method, url, ...rest);\n\
}\n\
\n\
console.warn("[Domain Isolation] Redirecting XHR to current domain:", url);\n\
const newUrl = url.replace(/https?:\\/\\/[^\\/]+/, window.location.origin);\n\
console.log("[Domain Isolation] New XHR URL:", newUrl);\n\
return originalXHROpen.call(this, method, newUrl, ...rest);\n\
}\n\
} catch (e) {\n\
console.error("[Domain Isolation] Error processing XHR URL:", e);\n\
}\n\
}\n\
return originalXHROpen.call(this, method, url, ...rest);\n\
};\n\
\n\
// 3. Fix Next.js chunk loading issues\n\
const originalReactDOMCreateScriptHook = Object.getOwnPropertyDescriptor(HTMLScriptElement.prototype, 'src');\n\
if (originalReactDOMCreateScriptHook) {\n\
Object.defineProperty(HTMLScriptElement.prototype, 'src', {\n\
get: originalReactDOMCreateScriptHook.get,\n\
set: function(url) {\n\
if (typeof url === 'string') {\n\
try {\n\
const urlObj = new URL(url, window.location.origin);\n\
const targetDomain = urlObj.hostname;\n\
\n\
if (targetDomain !== currentDomain && url.includes('/next/static/chunks/')) {\n\
const newUrl = url.replace(/https?:\\/\\/[^\\/]+/, window.location.origin);\n\
console.warn("[Domain Isolation] Redirecting script src to current domain:", url);\n\
console.log("[Domain Isolation] New script src:", newUrl);\n\
return originalReactDOMCreateScriptHook.set.call(this, newUrl);\n\
}\n\
} catch (e) {\n\
console.error("[Domain Isolation] Error processing script URL:", e);\n\
}\n\
}\n\
return originalReactDOMCreateScriptHook.set.call(this, url);\n\
},\n\
configurable: true\n\
});\n\
}\n\
\n\
console.log("[Domain Isolation] Complete domain isolation system installed");\n\
})();\n\
EOF\n\
\n\
# Create API response sanitizer\n\
cat > /app/web/public/api-response-sanitizer.js << EOF\n\
/**\n\
* API Response Sanitizer\n\
* \n\
* This script specifically handles API responses to ensure they don't contain\n\
* URLs pointing to the wrong domain.\n\
*/\n\
(function() {\n\
console.log('[Domain Isolation] Installing API response sanitizer...');\n\
\n\
// Save reference to the original fetch\n\
const originalFetch = window.fetch;\n\
\n\
/**\n\
* Recursively sanitize objects to replace URLs from wrong domains\n\
*/\n\
function sanitizeObject(obj, currentDomain) {\n\
if (!obj || typeof obj !== 'object') return obj;\n\
\n\
// Handle arrays\n\
if (Array.isArray(obj)) {\n\
return obj.map(item => sanitizeObject(item, currentDomain));\n\
}\n\
\n\
// Handle objects\n\
const result = {};\n\
\n\
for (const [key, value] of Object.entries(obj)) {\n\
// Check if this is a URL string value\n\
if (typeof value === 'string' && \n\
(value.startsWith('http://') || value.startsWith('https://'))) {\n\
try {\n\
const url = new URL(value);\n\
if (url.hostname !== currentDomain && \n\
!url.hostname.includes('api-gateway.umami.dev')) {\n\
console.log(`[Sanitizer] Found cross-domain URL: ${value}`);\n\
const newValue = value.replace(url.hostname, currentDomain);\n\
result[key] = newValue;\n\
continue;\n\
}\n\
} catch (e) {\n\
// Not a valid URL, keep original value\n\
}\n\
}\n\
\n\
// Process nested objects/arrays\n\
if (value && typeof value === 'object') {\n\
result[key] = sanitizeObject(value, currentDomain);\n\
} else {\n\
result[key] = value;\n\
}\n\
}\n\
\n\
return result;\n\
}\n\
\n\
// Override fetch to sanitize responses\n\
window.fetch = async function(...args) {\n\
const currentDomain = window.location.hostname;\n\
\n\
// Call original fetch\n\
const response = await originalFetch.apply(this, args);\n\
\n\
// Clone the response so we can read it multiple times\n\
const clonedResponse = response.clone();\n\
\n\
// Only process JSON responses from API endpoints\n\
const contentType = response.headers.get('content-type');\n\
if (contentType && contentType.includes('application/json')) {\n\
\n\
try {\n\
// Read and parse the response\n\
const originalData = await clonedResponse.json();\n\
\n\
// Sanitize the data\n\
const sanitizedData = sanitizeObject(originalData, currentDomain);\n\
\n\
// Create a new response with sanitized data\n\
return new Response(JSON.stringify(sanitizedData), {\n\
status: response.status,\n\
statusText: response.statusText,\n\
headers: response.headers\n\
});\n\
} catch (e) {\n\
console.error('[Domain Isolation] Error sanitizing response:', e);\n\
return response; // Return original response on error\n\
}\n\
}\n\
\n\
return response;\n\
};\n\
\n\
console.log('[Domain Isolation] API response sanitizer installed');\n\
})();\n\
EOF\n\
\n\
echo "Enhanced patching of NextAuth cookies and domains..."\n\
find /app/web/.next -type f -name "*.js" -exec sed -i "s/domain:[^,}]*,/domain: undefined,/g" {} \\;\n\
find /app/web/.next -type f -name "*.js" -exec sed -i "s/domain: *process.env.LEARNHOUSE_COOKIE_DOMAIN/domain: undefined/g" {} \\;\n\
find /app/web/.next -type f -name "*.js" -exec sed -i "s/\.domain\s*=\s*[^;]*;/\.domain = undefined;/g" {} \\;\n\
echo "Cookie domain patches complete."\n\
\n\
echo "Starting application..."\n\
sh /app/start.sh' > /app/runtime-config-start.sh && chmod +x /app/runtime-config-start.sh
# Make the runtime script executable
RUN chmod +x /app/start.sh && chmod +x /app/runtime-config-start.sh
# Ensure the isolation scripts are available in the runner stage
COPY ./extra/api-interceptor.js /app/extra/api-interceptor.js
COPY ./extra/api-response-sanitizer.js /app/extra/api-response-sanitizer.js
COPY ./extra/domain-isolation-loader.js /app/extra/domain-isolation-loader.js
# Use the runtime config script
CMD ["/app/runtime-config-start.sh"]

12
docker-compose-coolify.yml
View file

@ -4,12 +4,12 @@ services:
context: .
dockerfile: Dockerfile_coolify
args:
- NEXT_PUBLIC_LEARNHOUSE_API_URL=${NEXT_PUBLIC_LEARNHOUSE_API_URL}
- NEXT_PUBLIC_LEARNHOUSE_BACKEND_URL=${NEXT_PUBLIC_LEARNHOUSE_BACKEND_URL}
- NEXT_PUBLIC_LEARNHOUSE_DOMAIN=${NEXT_PUBLIC_LEARNHOUSE_DOMAIN}
- NEXT_PUBLIC_LEARNHOUSE_DEFAULT_ORG=${NEXT_PUBLIC_LEARNHOUSE_DEFAULT_ORG}
- NEXT_PUBLIC_LEARNHOUSE_MULTI_ORG=${NEXT_PUBLIC_LEARNHOUSE_MULTI_ORG}
- NEXT_PUBLIC_LEARNHOUSE_TOP_DOMAIN=${NEXT_PUBLIC_LEARNHOUSE_TOP_DOMAIN}
- NEXT_PUBLIC_LEARNHOUSE_API_URL=${NEXT_PUBLIC_LEARNHOUSE_API_URL:-https://${HOSTNAME:-localhost}}
- NEXT_PUBLIC_LEARNHOUSE_BACKEND_URL=${NEXT_PUBLIC_LEARNHOUSE_BACKEND_URL:-https://${HOSTNAME:-localhost}}
- NEXT_PUBLIC_LEARNHOUSE_DOMAIN=${NEXT_PUBLIC_LEARNHOUSE_DOMAIN:-${HOSTNAME:-localhost}}
- NEXT_PUBLIC_LEARNHOUSE_DEFAULT_ORG=${NEXT_PUBLIC_LEARNHOUSE_DEFAULT_ORG:-default}
- NEXT_PUBLIC_LEARNHOUSE_MULTI_ORG=${NEXT_PUBLIC_LEARNHOUSE_MULTI_ORG:-false}
- NEXT_PUBLIC_LEARNHOUSE_TOP_DOMAIN=${NEXT_PUBLIC_LEARNHOUSE_TOP_DOMAIN:-${HOSTNAME:-localhost}}
# Mount the persistent volume to the actual uploads directory (/app/api/content)
volumes:
- app-uploads:/app/api/content

97
extra/api-interceptor.js Normal file
View file

@ -0,0 +1,97 @@
(function() {
// Get the current domain
const currentDomain = window.location.hostname;
console.log("[Domain Isolation] Current domain:", currentDomain);
// Check if RUNTIME_CONFIG is available
if (!window.RUNTIME_CONFIG) {
console.warn("[Domain Isolation] Runtime config not found, creating empty one.");
window.RUNTIME_CONFIG = {};
}
// Store the domain info globally
window.LEARNHOUSE_DOMAIN = currentDomain;
// 1. Intercept fetch API
const originalFetch = window.fetch;
window.fetch = function(url, options) {
if (typeof url === "string") {
try {
// Handle both absolute and relative URLs
const urlObj = new URL(url, window.location.origin);
const targetDomain = urlObj.hostname;
// If URL has a different domain than current domain, rewrite it
if (targetDomain !== currentDomain) {
// Allow external APIs like umami
if (targetDomain.includes('api-gateway.umami.dev')) {
return originalFetch(url, options);
}
console.warn("[Domain Isolation] Redirecting request to current domain:", url);
const newUrl = url.replace(/https?:\/\/[^\/]+/, window.location.origin);
console.log("[Domain Isolation] New URL:", newUrl);
return originalFetch(newUrl, options);
}
} catch (e) {
console.error("[Domain Isolation] Error processing URL:", e);
}
}
return originalFetch(url, options);
};
// 2. Intercept XMLHttpRequest
const originalXHROpen = XMLHttpRequest.prototype.open;
XMLHttpRequest.prototype.open = function(method, url, ...rest) {
if (typeof url === "string") {
try {
const urlObj = new URL(url, window.location.origin);
const targetDomain = urlObj.hostname;
if (targetDomain !== currentDomain) {
// Allow external APIs
if (targetDomain.includes('api-gateway.umami.dev')) {
return originalXHROpen.call(this, method, url, ...rest);
}
console.warn("[Domain Isolation] Redirecting XHR to current domain:", url);
const newUrl = url.replace(/https?:\/\/[^\/]+/, window.location.origin);
console.log("[Domain Isolation] New XHR URL:", newUrl);
return originalXHROpen.call(this, method, newUrl, ...rest);
}
} catch (e) {
console.error("[Domain Isolation] Error processing XHR URL:", e);
}
}
return originalXHROpen.call(this, method, url, ...rest);
};
// 3. Fix Next.js chunk loading issues
const originalReactDOMCreateScriptHook = Object.getOwnPropertyDescriptor(HTMLScriptElement.prototype, 'src');
if (originalReactDOMCreateScriptHook) {
Object.defineProperty(HTMLScriptElement.prototype, 'src', {
get: originalReactDOMCreateScriptHook.get,
set: function(url) {
if (typeof url === 'string') {
try {
const urlObj = new URL(url, window.location.origin);
const targetDomain = urlObj.hostname;
if (targetDomain !== currentDomain && url.includes('/next/static/chunks/')) {
const newUrl = url.replace(/https?:\/\/[^\/]+/, window.location.origin);
console.warn("[Domain Isolation] Redirecting script src to current domain:", url);
console.log("[Domain Isolation] New script src:", newUrl);
return originalReactDOMCreateScriptHook.set.call(this, newUrl);
}
} catch (e) {
console.error("[Domain Isolation] Error processing script URL:", e);
}
}
return originalReactDOMCreateScriptHook.set.call(this, url);
},
configurable: true
});
}
console.log("[Domain Isolation] Complete domain isolation system installed");
})();

93
extra/api-response-sanitizer.js Normal file
View file

@ -0,0 +1,93 @@
/**
* API Response Sanitizer
*
* This script specifically handles API responses to ensure they don't contain
* URLs pointing to the wrong domain.
*/
(function() {
console.log('[Domain Isolation] Installing API response sanitizer...');
// Save reference to the original fetch
const originalFetch = window.fetch;
/**
* Recursively sanitize objects to replace URLs from wrong domains
*/
function sanitizeObject(obj, currentDomain) {
if (!obj || typeof obj !== 'object') return obj;
// Handle arrays
if (Array.isArray(obj)) {
return obj.map(item => sanitizeObject(item, currentDomain));
}
// Handle objects
const result = {};
for (const [key, value] of Object.entries(obj)) {
// Check if this is a URL string value
if (typeof value === 'string' &&
(value.startsWith('http://') || value.startsWith('https://'))) {
try {
const url = new URL(value);
if (url.hostname !== currentDomain &&
!url.hostname.includes('api-gateway.umami.dev')) {
console.log(`[Sanitizer] Found cross-domain URL: ${value}`);
const newValue = value.replace(url.hostname, currentDomain);
result[key] = newValue;
continue;
}
} catch (e) {
// Not a valid URL, keep original value
}
}
// Process nested objects/arrays
if (value && typeof value === 'object') {
result[key] = sanitizeObject(value, currentDomain);
} else {
result[key] = value;
}
}
return result;
}
// Override fetch to sanitize responses
window.fetch = async function(...args) {
const currentDomain = window.location.hostname;
// Call original fetch
const response = await originalFetch.apply(this, args);
// Clone the response so we can read it multiple times
const clonedResponse = response.clone();
// Only process JSON responses from API endpoints
const contentType = response.headers.get('content-type');
if (contentType && contentType.includes('application/json')) {
try {
// Read and parse the response
const originalData = await clonedResponse.json();
// Sanitize the data
const sanitizedData = sanitizeObject(originalData, currentDomain);
// Create a new response with sanitized data
return new Response(JSON.stringify(sanitizedData), {
status: response.status,
statusText: response.statusText,
headers: response.headers
});
} catch (e) {
console.error('[Domain Isolation] Error sanitizing response:', e);
return response; // Return original response on error
}
}
return response;
};
console.log('[Domain Isolation] API response sanitizer installed');
})();

82
extra/domain-isolation-loader.js Normal file
View file

@ -0,0 +1,82 @@
// Domain Isolation Loader
// This script loads before any other scripts to ensure all requests stay within the current domain
(function() {
console.log('[Domain Isolation] Initializing early domain isolation...');
// Override createElement to patch script elements before they load
const originalCreateElement = document.createElement.bind(document);
document.createElement = function(tagName) {
const element = originalCreateElement(tagName);
if (tagName.toLowerCase() === 'script') {
const originalSetAttribute = element.setAttribute.bind(element);
element.setAttribute = function(name, value) {
if (name === 'src' && typeof value === 'string') {
try {
const currentDomain = window.location.hostname;
const urlObj = new URL(value, window.location.origin);
const targetDomain = urlObj.hostname;
if (targetDomain !== currentDomain) {
console.warn('[Domain Isolation] Pre-load intercepted cross-domain script:', value);
value = value.replace(/https?:\/\/[^\/]+/, window.location.origin);
console.log('[Domain Isolation] Changed to:', value);
}
} catch (e) {
console.error('[Domain Isolation] Error processing script URL:', e);
}
}
return originalSetAttribute(name, value);
};
}
return element;
};
// Store original URL manipulation methods
window.__domainIsolationOriginals = {
fetch: window.fetch,
open: XMLHttpRequest.prototype.open
};
// Simple early fetch override
window.fetch = function(url, options) {
if (typeof url === 'string') {
try {
const currentDomain = window.location.hostname;
const urlObj = new URL(url, window.location.origin);
const targetDomain = urlObj.hostname;
if (targetDomain !== currentDomain) {
console.warn('[Domain Isolation] Early loader redirecting fetch:', url);
url = url.replace(/https?:\/\/[^\/]+/, window.location.origin);
}
} catch (e) {
console.error('[Domain Isolation] Early loader error:', e);
}
}
return window.__domainIsolationOriginals.fetch.apply(this, arguments);
};
// Simple early XHR override
XMLHttpRequest.prototype.open = function(method, url, ...args) {
if (typeof url === 'string') {
try {
const currentDomain = window.location.hostname;
const urlObj = new URL(url, window.location.origin);
const targetDomain = urlObj.hostname;
if (targetDomain !== currentDomain) {
console.warn('[Domain Isolation] Early loader redirecting XHR:', url);
url = url.replace(/https?:\/\/[^\/]+/, window.location.origin);
}
} catch (e) {
console.error('[Domain Isolation] Early loader error:', e);
}
}
return window.__domainIsolationOriginals.open.apply(this, [method, url, ...args]);
};
console.log('[Domain Isolation] Early domain isolation initialized');
})();

0
extra/patch-typescript.sh Normal file → Executable file
View file

31
extra/runtime-config-start.sh Executable file
View file

@ -0,0 +1,31 @@
#!/bin/bash
echo "Generating runtime configuration..."
mkdir -p /app/web/public
# Generate runtime config
cat > /app/web/public/runtime-config.js << EOF
window.RUNTIME_CONFIG = {
LEARNHOUSE_API_URL: "${NEXT_PUBLIC_LEARNHOUSE_API_URL:-}",
LEARNHOUSE_BACKEND_URL: "${NEXT_PUBLIC_LEARNHOUSE_BACKEND_URL:-}",
LEARNHOUSE_DOMAIN: "${NEXT_PUBLIC_LEARNHOUSE_DOMAIN:-}",
LEARNHOUSE_DEFAULT_ORG: "${NEXT_PUBLIC_LEARNHOUSE_DEFAULT_ORG:-default}",
LEARNHOUSE_MULTI_ORG: "${NEXT_PUBLIC_LEARNHOUSE_MULTI_ORG:-false}",
LEARNHOUSE_TOP_DOMAIN: "${NEXT_PUBLIC_LEARNHOUSE_TOP_DOMAIN:-}"
}
EOF
# Copy the pre-created isolation scripts to the public folder
cp /app/extra/api-interceptor.js /app/web/public/
cp /app/extra/api-response-sanitizer.js /app/web/public/
cp /app/extra/domain-isolation-loader.js /app/web/public/
echo "Runtime configuration generated successfully"
echo "Enhanced patching of NextAuth cookies and domains..."
find /app/web/.next -type f -name "*.js" -exec sed -i "s/domain:[^,}]*,/domain: undefined,/g" {} \;
find /app/web/.next -type f -name "*.js" -exec sed -i "s/domain: *process.env.LEARNHOUSE_COOKIE_DOMAIN/domain: undefined/g" {} \;
find /app/web/.next -type f -name "*.js" -exec sed -i "s/\.domain\s*=\s*[^;]*;/\.domain = undefined;/g" {} \;
echo "Cookie domain patches complete."
echo "Starting application..."
sh /app/start.sh