rzmk/learnhouse
1
0
Fork 0
mirror of https://github.com/rzmk/learnhouse.git synced 2025-12-18 11:59:26 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

feat: remove domain isolation scripts and related components for cleanup

Browse source
This commit is contained in:
WhiteX 2025-06-14 10:18:11 +03:00 committed by rzmk
parent 98b833c8ba
commit f46f4dd552
13 changed files with 73 additions and 837 deletions
Download patch file Download diff file Expand all files Collapse all files

147
Dockerfile_coolify
View file

@ -13,8 +13,41 @@ RUN curl -fsSL https://deb.nodesource.com/setup_21.x | bash - \
&& npm install -g corepack pm2
# Frontend Build
FROM base AS deps
FROM base AS builder
WORKDIR /app/web
# Install dependencies based on the preferred package manager
COPY ./apps/web/package.json ./apps/web/pnpm-lock.yaml* ./apps/web/.npmrc* ./
# Omit --production flag for TypeScript devDependencies
RUN \
if [ -f pnpm-lock.yaml ]; then corepack enable pnpm && pnpm i --frozen-lockfile; \
elif [ -f package-lock.json ]; then npm ci; \
else echo "Warning: Lockfile not found. It is recommended to commit lockfiles to version control." && npm install; \
fi
COPY ./apps/web/app ./app
COPY ./apps/web/components ./components
COPY ./apps/web/hooks ./hooks
COPY ./apps/web/lib ./lib
COPY ./apps/web/pages ./pages
COPY ./apps/web/public ./public
COPY ./apps/web/services ./services
COPY ./apps/web/styles ./styles
COPY ./apps/web/types ./types
COPY ./apps/web/utils ./utils
COPY ./apps/web/next.config.js .
COPY ./apps/web/tsconfig.json .
COPY ./apps/web/tailwind.config.js .
COPY ./apps/web/postcss.config.js .
COPY ./apps/web/components.json .
COPY ./apps/web/middleware.ts .
COPY ./apps/web/instrumentation.ts .
# Remove any environment files that might interfere
RUN rm -f .env*
# Environment variables must be present at build time
ARG NEXT_PUBLIC_LEARNHOUSE_API_URL
ARG NEXT_PUBLIC_LEARNHOUSE_BACKEND_URL
ARG NEXT_PUBLIC_LEARNHOUSE_DOMAIN
@ -29,63 +62,16 @@ ENV NEXT_PUBLIC_LEARNHOUSE_DEFAULT_ORG=${NEXT_PUBLIC_LEARNHOUSE_DEFAULT_ORG}
ENV NEXT_PUBLIC_LEARNHOUSE_MULTI_ORG=${NEXT_PUBLIC_LEARNHOUSE_MULTI_ORG}
ENV NEXT_PUBLIC_LEARNHOUSE_TOP_DOMAIN=${NEXT_PUBLIC_LEARNHOUSE_TOP_DOMAIN}
WORKDIR /app/web
COPY ./apps/web/package.json ./apps/web/pnpm-lock.yaml* ./
COPY ./extra/patch-typescript.sh /app/patch-typescript.sh
COPY ./apps/web /app/web
RUN rm -f .env*
# Next.js collects completely anonymous telemetry data about general usage
# Disable telemetry at build time
ENV NEXT_TELEMETRY_DISABLED 1
# Patch TypeScript issues using our comprehensive script
RUN chmod +x /app/patch-typescript.sh && /app/patch-typescript.sh
# Create a modified next.config.js that completely disables type checking
RUN if [ -f next.config.js ]; then \
cat next.config.js > next.config.js.bak && \
echo "console.log('Using custom Next.js config with TypeScript checking disabled');" > next.config.js && \
echo "const originalConfig = require('./next.config.js.bak');" >> next.config.js && \
echo "module.exports = {" >> next.config.js && \
echo " ...originalConfig," >> next.config.js && \
echo " typescript: { ignoreBuildErrors: true }," >> next.config.js && \
echo " eslint: { ignoreDuringBuilds: true }," >> next.config.js && \
echo " webpack: (config, options) => {" >> next.config.js && \
echo " config.infrastructureLogging = { level: 'error' };" >> next.config.js && \
echo " if (originalConfig.webpack) {" >> next.config.js && \
echo " return originalConfig.webpack(config, options);" >> next.config.js && \
echo " }" >> next.config.js && \
echo " return config;" >> next.config.js && \
echo " }" >> next.config.js && \
echo "};" >> next.config.js; \
else \
echo "console.log('Creating new Next.js config with TypeScript checking disabled');" > next.config.js && \
echo "module.exports = {" >> next.config.js && \
echo " typescript: { ignoreBuildErrors: true }," >> next.config.js && \
echo " eslint: { ignoreDuringBuilds: true }," >> next.config.js && \
echo " webpack: (config) => {" >> next.config.js && \
echo " config.infrastructureLogging = { level: 'error' };" >> next.config.js && \
echo " return config;" >> next.config.js && \
echo " }" >> next.config.js && \
echo "};" >> next.config.js; \
fi
# Allow build to continue with type errors
RUN if [ -f pnpm-lock.yaml ]; then \
corepack enable pnpm && \
pnpm i --frozen-lockfile && \
pnpm add @types/react@latest @types/node@latest next-navigation@latest typescript@latest --save-dev && \
echo '{ "scripts": { "build:ignore-ts": "NEXT_TELEMETRY_DISABLED=1 SKIP_TYPE_CHECK=true TS_NODE_TRANSPILE_ONLY=true next build" } }' > .npmrc-scripts.json && \
pnpm pkg set scripts.build:ignore-ts="NEXT_TELEMETRY_DISABLED=1 SKIP_TYPE_CHECK=true TS_NODE_TRANSPILE_ONLY=true next build" && \
NODE_OPTIONS=--max-old-space-size=6144 NEXT_IGNORE_TYPE_ERROR=true SKIP_TYPE_CHECK=true TS_NODE_TRANSPILE_ONLY=true pnpm run build:ignore-ts; \
else echo "Lockfile not found." && exit 1; \
fi
# Make sure the images directory exists in public folder with a placeholder avatar
RUN mkdir -p /app/web/public/images && \
echo "iVBORw0KGgoAAAANSUhEUgAAADAAAAAwCAYAAABXAvmHAAAABmJLR0QA/wD/AP+gvaeTAAADc0lEQVRoge2ZS0hUURjHf2fGcSaViDSJoKKSoiAzaGE9VrXIjRZBm2hVRG2iB0SPVUW7IM0ehLWIdlYQQY+FipWZWj0siJ60ygiziGye8870cWfuPJ1774yO9v/g4pz7+L7z/b/vnnvuOQMtWrT4lxH/OkHQWlpfqdedlo5T49wl1V9eclXkSLCtXeGDNvL5AFwoaa0CXhX0Qdpup8L7ddeiFNlL9gJLbOMCuOWkPXfSGvFvLWlLgAceUwFccdIGnbRG/HuB0x66KcBxJ21RmbsGOA/oveTx75YjwJMKthFgk5N2DICTNiJ8tmnGNdc7acNeOW3jw062J/Cu2HAKmOmkDQggpXxnGy4A9rhpRw5vZBJQWrEYs1qclECn/ekuYIHLbsSN+0CldLZhvQtnaQ7uEVXXgRNSytlCyhe28XrgdgMmcUWpdJr/5CRErbQe2GQbv6CUej0+Pl5XDD/UXQMKdVhpx4AO4KpS6pVdJ6X8KIR4YhveAOxvyGyOKDUBwKuXFxXwAdghhLhn1wkh7hGsEVv9DF4pTsmIMnz6M3mAZUqpm1LKjN1HSvm8XC5fsY0vBY7OH2p0pGJMtwExgA3AGSnlErvO5/M9EkI8tw3vALY3alSVT8mINhznfSNm3wFb/g+0ULIGNQ3a7wZ6hRDdNl1BKbVfCPHWNn4A2Duz2cwCLUMa9GnB7/evklKuUEq9K5VK72dmZsrVtKVSaSkwB3gqhPjmdW4t0DIkzuQdWnGMrvMZdFQxNniMrgDvMrDdQXcAOBTFtypp6SsZkDMg40DGOMZ0+ON0A1uBJNAP9ETxbwhaNgETZkUlwLqI/o1By1YgbdRfBvZE9G8MWnYAl4z664DvX/AJA1qeNupHgb1R/BuDlgfR923AL8w7HImwA2vpNRq/MO9wJMIOLKRH4x4GOqP4NwYt0/b5Y8DhiP6NQcvzRv0VYF8U/8agZR+Qwpw/tkfxbwxa7gLOovn9wN4o/g1By7TZWag+hzQctHwe7T2EudJrCUJDy3NgqGVIg/4RsMUFeYeWwE2rDoxhLvMqbAeOT/fkzYGJsNORT4tn+HzAHvSHAe0I4W7ZMA5cLBaLw+l0Op/L5Ubz+fw787ex6bpbNLuUT6Ct7Z4QYgnQabQV0BMuhxDilVKqh/8gYLO02q92i/8sPwESO6wpKl0UfgAAAABJRU5ErkJggg==" | base64 -d > /app/web/public/images/empty_avatar.png
# Copy domain isolation scripts to public directory
COPY ./extra/api-interceptor.js /app/web/public/api-interceptor.js
COPY ./extra/api-response-sanitizer.js /app/web/public/api-response-sanitizer.js
COPY ./extra/domain-isolation-loader.js /app/web/public/domain-isolation-loader.js
# Build Next.js based on the preferred package manager
RUN \
if [ -f pnpm-lock.yaml ]; then pnpm build; \
elif [ -f package-lock.json ]; then npm run build; \
else npm run build; \
fi
# Final image
FROM base AS runner
@ -93,20 +79,39 @@ RUN addgroup --system --gid 1001 system \
&& adduser --system --uid 1001 app \
&& mkdir .next \
&& chown app:system .next
COPY --from=deps /app/web/public ./app/web/public
COPY --from=deps --chown=app:system /app/web/.next/standalone ./app/web/
COPY --from=deps --chown=app:system /app/web/.next/static ./app/web/.next/static
COPY --from=builder /app/web/public ./app/web/public
# Automatically leverage output traces to reduce image size
# https://nextjs.org/docs/advanced-features/output-file-tracing
COPY --from=builder --chown=app:system /app/web/.next/standalone ./app/web/
COPY --from=builder --chown=app:system /app/web/.next/static ./app/web/.next/static
# Environment variables must be redefined at run time
ARG NEXT_PUBLIC_LEARNHOUSE_API_URL
ARG NEXT_PUBLIC_LEARNHOUSE_BACKEND_URL
ARG NEXT_PUBLIC_LEARNHOUSE_DOMAIN
ARG NEXT_PUBLIC_LEARNHOUSE_DEFAULT_ORG
ARG NEXT_PUBLIC_LEARNHOUSE_MULTI_ORG
ARG NEXT_PUBLIC_LEARNHOUSE_TOP_DOMAIN
ENV NEXT_PUBLIC_LEARNHOUSE_API_URL=${NEXT_PUBLIC_LEARNHOUSE_API_URL}
ENV NEXT_PUBLIC_LEARNHOUSE_BACKEND_URL=${NEXT_PUBLIC_LEARNHOUSE_BACKEND_URL}
ENV NEXT_PUBLIC_LEARNHOUSE_DOMAIN=${NEXT_PUBLIC_LEARNHOUSE_DOMAIN}
ENV NEXT_PUBLIC_LEARNHOUSE_DEFAULT_ORG=${NEXT_PUBLIC_LEARNHOUSE_DEFAULT_ORG}
ENV NEXT_PUBLIC_LEARNHOUSE_MULTI_ORG=${NEXT_PUBLIC_LEARNHOUSE_MULTI_ORG}
ENV NEXT_PUBLIC_LEARNHOUSE_TOP_DOMAIN=${NEXT_PUBLIC_LEARNHOUSE_TOP_DOMAIN}
# Backend Build
WORKDIR /app/api
COPY ./apps/api/pyproject.toml ./
COPY ./apps/api/uv.lock ./
COPY ./apps/api/pyproject.toml ./
# Install dependencies with proper flags and fallback to pip if needed
# Install dependencies with uv (fallback to pip if needed)
RUN pip install --upgrade pip && \
pip install uv && \
(uv pip sync --system --python=python3.12 || pip install -e .) && \
pip install uvicorn # Ensure at least the ASGI server is available
(uv sync --system || pip install -e .) && \
pip install uvicorn
COPY ./apps/api ./
@ -115,15 +120,9 @@ WORKDIR /app
COPY ./extra/nginx.conf /etc/nginx/conf.d/default.conf
ENV PORT=80 LEARNHOUSE_PORT=9000 HOSTNAME=0.0.0.0
COPY ./extra/start.sh /app/start.sh
COPY ./extra/runtime-config-start.sh /app/runtime-config-start.sh
# Make the runtime script executable
RUN chmod +x /app/start.sh && chmod +x /app/runtime-config-start.sh
# Make the start script executable
RUN chmod +x /app/start.sh
# Ensure the isolation scripts are available in the runner stage
COPY ./extra/api-interceptor.js /app/extra/api-interceptor.js
COPY ./extra/api-response-sanitizer.js /app/extra/api-response-sanitizer.js
COPY ./extra/domain-isolation-loader.js /app/extra/domain-isolation-loader.js
# Use the runtime config script
CMD ["/app/runtime-config-start.sh"]
# Use the start script
CMD ["sh", "/app/start.sh"]

60
apps/web/components/Avatar/SafeAvatar.tsx
View file

@ -1,60 +0,0 @@
import React from 'react'
import Image from 'next/image'
interface SafeAvatarProps {
src?: string
alt: string
size?: number
className?: string
}
/**
* SafeAvatar component that ensures correct domain for avatar images
*/
const SafeAvatar: React.FC<SafeAvatarProps> = ({
src,
alt,
size = 40,
className
}) => {
// Default empty avatar path that uses relative URL (domain-safe)
const defaultAvatarSrc = '/images/empty_avatar.png'
// Handle potentially cross-domain avatar URLs
const sanitizedSrc = React.useMemo(() => {
if (!src) return defaultAvatarSrc
try {
// Check if the URL has a domain
const url = new URL(src, window.location.origin)
// If the URL is from a different domain, use the default avatar
if (url.hostname !== window.location.hostname) {
console.warn(`[SafeAvatar] Detected cross-domain avatar: ${src}`)
return defaultAvatarSrc
}
return src
} catch (e) {
// If parsing fails, just use the src as is (could be a relative path)
return src
}
}, [src])
return (
<Image
src={sanitizedSrc}
alt={alt}
width={size}
height={size}
className={className}
onError={(e) => {
// If image fails to load, fallback to default
const target = e.target as HTMLImageElement
target.src = defaultAvatarSrc
}}
/>
)
}
export default SafeAvatar

72
apps/web/middleware.js
View file

@ -1,72 +0,0 @@
import { NextResponse } from 'next/server';
// This middleware runs on every request
export function middleware(request) {
// Get the current hostname from the request headers
const currentHostname = request.headers.get('host');
// Always inspect for cross-domain requests regardless of referrer
const url = request.nextUrl.clone();
const path = url.pathname;
// Check for common patterns that might indicate cross-domain content
// 1. Handle image files that might be requested from the wrong domain
if (path.endsWith('.png') || path.endsWith('.jpg') || path.endsWith('.jpeg') ||
path.endsWith('.gif') || path.endsWith('.webp') || path.endsWith('.svg')) {
// Ensure image path is properly routed to current domain
if (path.includes('empty_avatar.png')) {
console.log(`Intercepting image request: ${path}`);
// Rewrite all empty_avatar.png requests to use the local domain
return NextResponse.rewrite(new URL(`/images/empty_avatar.png`, request.url));
}
}
// 2. Check if request is going to the wrong domain through API path
if (path.includes('/api/') && request.headers.has('referer')) {
const refererUrl = new URL(request.headers.get('referer'));
// If referer domain doesn't match the requested API domain, redirect
if (refererUrl.hostname !== currentHostname) {
console.log(`Redirecting cross-domain API request: ${path}`);
const newUrl = new URL(path, `https://${currentHostname}`);
return NextResponse.redirect(newUrl);
}
}
// Get the referrer URL if it exists
const referer = request.headers.get('referer');
// If there is a referrer, check if it's from a different domain
if (referer) {
try {
const refererUrl = new URL(referer);
const refererHostname = refererUrl.hostname;
// If the referrer hostname doesn't match the current hostname
if (refererHostname !== currentHostname) {
console.log(`Cross-domain request detected: ${refererHostname} -> ${currentHostname}`);
// For path segments that might include another domain
if (path.includes('/next/static/') || path.includes('/api/')) {
// Ensure all paths use the current hostname
// This prevents asset URL problems when different hostnames appear in the path
const localPath = path.replace(/https?:\/\/[^\/]+/, '');
url.pathname = localPath;
return NextResponse.rewrite(url);
}
}
} catch (e) {
console.error('Error processing referer in middleware:', e);
}
}
// Continue with the request as normal
return NextResponse.next();
}
// Configure which paths this middleware will run on
export const config = {
matcher: [
// Apply to all paths
'/:path*',
],
};

22
apps/web/pages/_document.js
View file

@ -1,22 +0,0 @@
import { Html, Head, Main, NextScript } from 'next/document';
export default function Document() {
return (
<Html lang="en">
<Head>
{/* Load domain isolation loader first - immediate protection */}
<script src="/domain-isolation-loader.js" strategy="beforeInteractive" />
{/* Load runtime configuration */}
<script src="/runtime-config.js" strategy="beforeInteractive" />
{/* Load comprehensive API interceptor */}
<script src="/api-interceptor.js" strategy="beforeInteractive" />
{/* Load API response sanitizer */}
<script src="/api-response-sanitizer.js" strategy="beforeInteractive" />
</Head>
<body>
<Main />
<NextScript />
</body>
</Html>
);
}

94
apps/web/public/api-response-sanitizer.js
View file

@ -1,94 +0,0 @@
/**
* API Response Sanitizer
*
* This script specifically handles API responses to ensure they don't contain
* URLs pointing to the wrong domain.
*/
(function() {
console.log('[Domain Isolation] Installing API response sanitizer...');
// Save reference to the original fetch
const originalFetch = window.fetch;
/**
* Recursively sanitize objects to replace URLs from wrong domains
*/
function sanitizeObject(obj, currentDomain) {
if (!obj || typeof obj !== 'object') return obj;
// Handle arrays
if (Array.isArray(obj)) {
return obj.map(item => sanitizeObject(item, currentDomain));
}
// Handle objects
const result = {};
for (const [key, value] of Object.entries(obj)) {
// Check if this is a URL string value
if (typeof value === 'string' &&
(value.startsWith('http://') || value.startsWith('https://'))) {
try {
const url = new URL(value);
if (url.hostname !== currentDomain &&
!url.hostname.includes('api-gateway.umami.dev')) {
console.log(`[Sanitizer] Found cross-domain URL: ${value}`);
const newValue = value.replace(url.hostname, currentDomain);
result[key] = newValue;
continue;
}
} catch (e) {
// Not a valid URL, keep original value
}
}
// Process nested objects/arrays
if (value && typeof value === 'object') {
result[key] = sanitizeObject(value, currentDomain);
} else {
result[key] = value;
}
}
return result;
}
// Override fetch to sanitize responses
window.fetch = async function(...args) {
const currentDomain = window.location.hostname;
// Call original fetch
const response = await originalFetch.apply(this, args);
// Clone the response so we can read it multiple times
const clonedResponse = response.clone();
// Only process JSON responses from API endpoints
const contentType = response.headers.get('content-type');
if (contentType && contentType.includes('application/json') &&
(args[0].includes('/api/') || args[0].includes('api/v1'))) {
try {
// Read and parse the response
const originalData = await clonedResponse.json();
// Sanitize the data
const sanitizedData = sanitizeObject(originalData, currentDomain);
// Create a new response with sanitized data
return new Response(JSON.stringify(sanitizedData), {
status: response.status,
statusText: response.statusText,
headers: response.headers
});
} catch (e) {
console.error('[Domain Isolation] Error sanitizing response:', e);
return response; // Return original response on error
}
}
return response;
};
console.log('[Domain Isolation] API response sanitizer installed');
})();

82
apps/web/public/domain-isolation-loader.js
View file

@ -1,82 +0,0 @@
// Domain Isolation Loader
// This script loads before any other scripts to ensure all requests stay within the current domain
(function() {
console.log('[Domain Isolation] Initializing early domain isolation...');
// Override createElement to patch script elements before they load
const originalCreateElement = document.createElement.bind(document);
document.createElement = function(tagName) {
const element = originalCreateElement(tagName);
if (tagName.toLowerCase() === 'script') {
const originalSetAttribute = element.setAttribute.bind(element);
element.setAttribute = function(name, value) {
if (name === 'src' && typeof value === 'string') {
try {
const currentDomain = window.location.hostname;
const urlObj = new URL(value, window.location.origin);
const targetDomain = urlObj.hostname;
if (targetDomain !== currentDomain) {
console.warn('[Domain Isolation] Pre-load intercepted cross-domain script:', value);
value = value.replace(/https?:\/\/[^\/]+/, window.location.origin);
console.log('[Domain Isolation] Changed to:', value);
}
} catch (e) {
console.error('[Domain Isolation] Error processing script URL:', e);
}
}
return originalSetAttribute(name, value);
};
}
return element;
};
// Store original URL manipulation methods
window.__domainIsolationOriginals = {
fetch: window.fetch,
open: XMLHttpRequest.prototype.open
};
// Simple early fetch override
window.fetch = function(url, options) {
if (typeof url === 'string') {
try {
const currentDomain = window.location.hostname;
const urlObj = new URL(url, window.location.origin);
const targetDomain = urlObj.hostname;
if (targetDomain !== currentDomain) {
console.warn('[Domain Isolation] Early loader redirecting fetch:', url);
url = url.replace(/https?:\/\/[^\/]+/, window.location.origin);
}
} catch (e) {
console.error('[Domain Isolation] Early loader error:', e);
}
}
return window.__domainIsolationOriginals.fetch.apply(this, arguments);
};
// Simple early XHR override
XMLHttpRequest.prototype.open = function(method, url, ...args) {
if (typeof url === 'string') {
try {
const currentDomain = window.location.hostname;
const urlObj = new URL(url, window.location.origin);
const targetDomain = urlObj.hostname;
if (targetDomain !== currentDomain) {
console.warn('[Domain Isolation] Early loader redirecting XHR:', url);
url = url.replace(/https?:\/\/[^\/]+/, window.location.origin);
}
} catch (e) {
console.error('[Domain Isolation] Early loader error:', e);
}
}
return window.__domainIsolationOriginals.open.apply(this, [method, url, ...args]);
};
console.log('[Domain Isolation] Early domain isolation initialized');
})();

19
apps/web/tsconfig.build.json
View file

@ -1,19 +0,0 @@
{
"extends": "./tsconfig.json",
"compilerOptions": {
"noEmit": true,
"allowJs": true,
"skipLibCheck": true,
"noImplicitAny": false,
"strictNullChecks": false,
"strictPropertyInitialization": false
},
"include": [
"next-env.d.ts",
"**/*.ts",
"**/*.tsx"
],
"exclude": [
"node_modules"
]
}

59
apps/web/utils/apiClient.js
View file

@ -1,59 +0,0 @@
import { getApiUrl } from './runtimeConfig';
/**
* Creates an API client that uses runtime configuration
* @returns {Object} API client object with fetch method
*/
export function createApiClient() {
return {
/**
* Fetch data from the API with the correct runtime URL
* @param {string} path - API path to fetch from
* @param {Object} options - Fetch options
* @returns {Promise<any>} - JSON response
*/
fetch: async (path, options = {}) => {
const url = getApiUrl(path);
console.log(`[API] Fetching from: ${url}`);
const response = await fetch(url, options);
if (!response.ok) {
throw new Error(`API request failed: ${response.status}`);
}
return response.json();
},
/**
* Post data to the API with the correct runtime URL
* @param {string} path - API path to post to
* @param {Object} data - Data to post
* @param {Object} options - Additional fetch options
* @returns {Promise<any>} - JSON response
*/
post: async (path, data, options = {}) => {
const url = getApiUrl(path);
console.log(`[API] Posting to: ${url}`);
const response = await fetch(url, {
method: 'POST',
headers: {
'Content-Type': 'application/json',
...options.headers,
},
body: JSON.stringify(data),
...options,
});
if (!response.ok) {
throw new Error(`API request failed: ${response.status}`);
}
return response.json();
}
};
}
// Create a singleton instance for easier imports
export const apiClient = createApiClient();

52
apps/web/utils/runtimeConfig.js
View file

@ -1,52 +0,0 @@
/**
* Utility functions to access runtime configuration values
*/
/**
* Gets configuration from runtime values (window.RUNTIME_CONFIG) with fallback to environment variables
* This ensures dynamic configuration at runtime instead of build time
*/
export function useRuntimeConfig() {
// For server-side rendering, use environment variables
if (typeof window === 'undefined') {
return {
apiUrl: process.env.NEXT_PUBLIC_LEARNHOUSE_API_URL,
backendUrl: process.env.NEXT_PUBLIC_LEARNHOUSE_BACKEND_URL,
domain: process.env.NEXT_PUBLIC_LEARNHOUSE_DOMAIN,
defaultOrg: process.env.NEXT_PUBLIC_LEARNHOUSE_DEFAULT_ORG || 'default',
multiOrg: process.env.NEXT_PUBLIC_LEARNHOUSE_MULTI_ORG === 'true',
topDomain: process.env.NEXT_PUBLIC_LEARNHOUSE_TOP_DOMAIN
};
}
// For client-side, prioritize runtime config over baked-in environment variables
const config = window.RUNTIME_CONFIG || {};
return {
apiUrl: config.LEARNHOUSE_API_URL || process.env.NEXT_PUBLIC_LEARNHOUSE_API_URL,
backendUrl: config.LEARNHOUSE_BACKEND_URL || process.env.NEXT_PUBLIC_LEARNHOUSE_BACKEND_URL,
domain: config.LEARNHOUSE_DOMAIN || process.env.NEXT_PUBLIC_LEARNHOUSE_DOMAIN,
defaultOrg: config.LEARNHOUSE_DEFAULT_ORG || process.env.NEXT_PUBLIC_LEARNHOUSE_DEFAULT_ORG || 'default',
multiOrg: config.LEARNHOUSE_MULTI_ORG === 'true' || process.env.NEXT_PUBLIC_LEARNHOUSE_MULTI_ORG === 'true',
topDomain: config.LEARNHOUSE_TOP_DOMAIN || process.env.NEXT_PUBLIC_LEARNHOUSE_TOP_DOMAIN
};
}
/**
* Gets the API URL with the correct domain
* @param {string} path - The API path
* @returns {string} - The complete API URL
*/
export function getApiUrl(path) {
const config = useRuntimeConfig();
return `${config.apiUrl || `https://${config.domain}/api/v1/`}${path}`;
}
/**
* Gets the backend URL with the correct domain
* @param {string} path - The backend path
* @returns {string} - The complete backend URL
*/
export function getBackendUrl(path) {
const config = useRuntimeConfig();
return `${config.backendUrl || `https://${config.domain}/`}${path}`;
}

97
extra/api-interceptor.js
View file

@ -1,97 +0,0 @@
(function() {
// Get the current domain
const currentDomain = window.location.hostname;
console.log("[Domain Isolation] Current domain:", currentDomain);
// Check if RUNTIME_CONFIG is available
if (!window.RUNTIME_CONFIG) {
console.warn("[Domain Isolation] Runtime config not found, creating empty one.");
window.RUNTIME_CONFIG = {};
}
// Store the domain info globally
window.LEARNHOUSE_DOMAIN = currentDomain;
// 1. Intercept fetch API
const originalFetch = window.fetch;
window.fetch = function(url, options) {
if (typeof url === "string") {
try {
// Handle both absolute and relative URLs
const urlObj = new URL(url, window.location.origin);
const targetDomain = urlObj.hostname;
// If URL has a different domain than current domain, rewrite it
if (targetDomain !== currentDomain) {
// Allow external APIs like umami
if (targetDomain.includes('api-gateway.umami.dev')) {
return originalFetch(url, options);
}
console.warn("[Domain Isolation] Redirecting request to current domain:", url);
const newUrl = url.replace(/https?:\/\/[^\/]+/, window.location.origin);
console.log("[Domain Isolation] New URL:", newUrl);
return originalFetch(newUrl, options);
}
} catch (e) {
console.error("[Domain Isolation] Error processing URL:", e);
}
}
return originalFetch(url, options);
};
// 2. Intercept XMLHttpRequest
const originalXHROpen = XMLHttpRequest.prototype.open;
XMLHttpRequest.prototype.open = function(method, url, ...rest) {
if (typeof url === "string") {
try {
const urlObj = new URL(url, window.location.origin);
const targetDomain = urlObj.hostname;
if (targetDomain !== currentDomain) {
// Allow external APIs
if (targetDomain.includes('api-gateway.umami.dev')) {
return originalXHROpen.call(this, method, url, ...rest);
}
console.warn("[Domain Isolation] Redirecting XHR to current domain:", url);
const newUrl = url.replace(/https?:\/\/[^\/]+/, window.location.origin);
console.log("[Domain Isolation] New XHR URL:", newUrl);
return originalXHROpen.call(this, method, newUrl, ...rest);
}
} catch (e) {
console.error("[Domain Isolation] Error processing XHR URL:", e);
}
}
return originalXHROpen.call(this, method, url, ...rest);
};
// 3. Fix Next.js chunk loading issues
const originalReactDOMCreateScriptHook = Object.getOwnPropertyDescriptor(HTMLScriptElement.prototype, 'src');
if (originalReactDOMCreateScriptHook) {
Object.defineProperty(HTMLScriptElement.prototype, 'src', {
get: originalReactDOMCreateScriptHook.get,
set: function(url) {
if (typeof url === 'string') {
try {
const urlObj = new URL(url, window.location.origin);
const targetDomain = urlObj.hostname;
if (targetDomain !== currentDomain && url.includes('/next/static/chunks/')) {
const newUrl = url.replace(/https?:\/\/[^\/]+/, window.location.origin);
console.warn("[Domain Isolation] Redirecting script src to current domain:", url);
console.log("[Domain Isolation] New script src:", newUrl);
return originalReactDOMCreateScriptHook.set.call(this, newUrl);
}
} catch (e) {
console.error("[Domain Isolation] Error processing script URL:", e);
}
}
return originalReactDOMCreateScriptHook.set.call(this, url);
},
configurable: true
});
}
console.log("[Domain Isolation] Complete domain isolation system installed");
})();

93
extra/api-response-sanitizer.js
View file

@ -1,93 +0,0 @@
/**
* API Response Sanitizer
*
* This script specifically handles API responses to ensure they don't contain
* URLs pointing to the wrong domain.
*/
(function() {
console.log('[Domain Isolation] Installing API response sanitizer...');
// Save reference to the original fetch
const originalFetch = window.fetch;
/**
* Recursively sanitize objects to replace URLs from wrong domains
*/
function sanitizeObject(obj, currentDomain) {
if (!obj || typeof obj !== 'object') return obj;
// Handle arrays
if (Array.isArray(obj)) {
return obj.map(item => sanitizeObject(item, currentDomain));
}
// Handle objects
const result = {};
for (const [key, value] of Object.entries(obj)) {
// Check if this is a URL string value
if (typeof value === 'string' &&
(value.startsWith('http://') || value.startsWith('https://'))) {
try {
const url = new URL(value);
if (url.hostname !== currentDomain &&
!url.hostname.includes('api-gateway.umami.dev')) {
console.log(`[Sanitizer] Found cross-domain URL: ${value}`);
const newValue = value.replace(url.hostname, currentDomain);
result[key] = newValue;
continue;
}
} catch (e) {
// Not a valid URL, keep original value
}
}
// Process nested objects/arrays
if (value && typeof value === 'object') {
result[key] = sanitizeObject(value, currentDomain);
} else {
result[key] = value;
}
}
return result;
}
// Override fetch to sanitize responses
window.fetch = async function(...args) {
const currentDomain = window.location.hostname;
// Call original fetch
const response = await originalFetch.apply(this, args);
// Clone the response so we can read it multiple times
const clonedResponse = response.clone();
// Only process JSON responses from API endpoints
const contentType = response.headers.get('content-type');
if (contentType && contentType.includes('application/json')) {
try {
// Read and parse the response
const originalData = await clonedResponse.json();
// Sanitize the data
const sanitizedData = sanitizeObject(originalData, currentDomain);
// Create a new response with sanitized data
return new Response(JSON.stringify(sanitizedData), {
status: response.status,
statusText: response.statusText,
headers: response.headers
});
} catch (e) {
console.error('[Domain Isolation] Error sanitizing response:', e);
return response; // Return original response on error
}
}
return response;
};
console.log('[Domain Isolation] API response sanitizer installed');
})();

82
extra/domain-isolation-loader.js
View file

@ -1,82 +0,0 @@
// Domain Isolation Loader
// This script loads before any other scripts to ensure all requests stay within the current domain
(function() {
console.log('[Domain Isolation] Initializing early domain isolation...');
// Override createElement to patch script elements before they load
const originalCreateElement = document.createElement.bind(document);
document.createElement = function(tagName) {
const element = originalCreateElement(tagName);
if (tagName.toLowerCase() === 'script') {
const originalSetAttribute = element.setAttribute.bind(element);
element.setAttribute = function(name, value) {
if (name === 'src' && typeof value === 'string') {
try {
const currentDomain = window.location.hostname;
const urlObj = new URL(value, window.location.origin);
const targetDomain = urlObj.hostname;
if (targetDomain !== currentDomain) {
console.warn('[Domain Isolation] Pre-load intercepted cross-domain script:', value);
value = value.replace(/https?:\/\/[^\/]+/, window.location.origin);
console.log('[Domain Isolation] Changed to:', value);
}
} catch (e) {
console.error('[Domain Isolation] Error processing script URL:', e);
}
}
return originalSetAttribute(name, value);
};
}
return element;
};
// Store original URL manipulation methods
window.__domainIsolationOriginals = {
fetch: window.fetch,
open: XMLHttpRequest.prototype.open
};
// Simple early fetch override
window.fetch = function(url, options) {
if (typeof url === 'string') {
try {
const currentDomain = window.location.hostname;
const urlObj = new URL(url, window.location.origin);
const targetDomain = urlObj.hostname;
if (targetDomain !== currentDomain) {
console.warn('[Domain Isolation] Early loader redirecting fetch:', url);
url = url.replace(/https?:\/\/[^\/]+/, window.location.origin);
}
} catch (e) {
console.error('[Domain Isolation] Early loader error:', e);
}
}
return window.__domainIsolationOriginals.fetch.apply(this, arguments);
};
// Simple early XHR override
XMLHttpRequest.prototype.open = function(method, url, ...args) {
if (typeof url === 'string') {
try {
const currentDomain = window.location.hostname;
const urlObj = new URL(url, window.location.origin);
const targetDomain = urlObj.hostname;
if (targetDomain !== currentDomain) {
console.warn('[Domain Isolation] Early loader redirecting XHR:', url);
url = url.replace(/https?:\/\/[^\/]+/, window.location.origin);
}
} catch (e) {
console.error('[Domain Isolation] Early loader error:', e);
}
}
return window.__domainIsolationOriginals.open.apply(this, [method, url, ...args]);
};
console.log('[Domain Isolation] Early domain isolation initialized');
})();

31
extra/runtime-config-start.sh
View file

@ -1,31 +0,0 @@
#!/bin/bash
echo "Generating runtime configuration..."
mkdir -p /app/web/public
# Generate runtime config
cat > /app/web/public/runtime-config.js << EOF
window.RUNTIME_CONFIG = {
LEARNHOUSE_API_URL: "${NEXT_PUBLIC_LEARNHOUSE_API_URL:-}",
LEARNHOUSE_BACKEND_URL: "${NEXT_PUBLIC_LEARNHOUSE_BACKEND_URL:-}",
LEARNHOUSE_DOMAIN: "${NEXT_PUBLIC_LEARNHOUSE_DOMAIN:-}",
LEARNHOUSE_DEFAULT_ORG: "${NEXT_PUBLIC_LEARNHOUSE_DEFAULT_ORG:-default}",
LEARNHOUSE_MULTI_ORG: "${NEXT_PUBLIC_LEARNHOUSE_MULTI_ORG:-false}",
LEARNHOUSE_TOP_DOMAIN: "${NEXT_PUBLIC_LEARNHOUSE_TOP_DOMAIN:-}"
}
EOF
# Copy the pre-created isolation scripts to the public folder
cp /app/extra/api-interceptor.js /app/web/public/
cp /app/extra/api-response-sanitizer.js /app/web/public/
cp /app/extra/domain-isolation-loader.js /app/web/public/
echo "Runtime configuration generated successfully"
echo "Enhanced patching of NextAuth cookies and domains..."
find /app/web/.next -type f -name "*.js" -exec sed -i "s/domain:[^,}]*,/domain: undefined,/g" {} \;
find /app/web/.next -type f -name "*.js" -exec sed -i "s/domain: *process.env.LEARNHOUSE_COOKIE_DOMAIN/domain: undefined/g" {} \;
find /app/web/.next -type f -name "*.js" -exec sed -i "s/\.domain\s*=\s*[^;]*;/\.domain = undefined;/g" {} \;
echo "Cookie domain patches complete."
echo "Starting application..."
sh /app/start.sh