…loyment Enables deploying frontend to Vercel while running API on a separate server by making the API base URL configurable via NEXT_PUBLIC_API_BASE_URL env var. Also adds CORS headers support via CORS_ALLOWED_ORIGIN.
utils/api-base-url.ts:1 centralizes API_BASE_URL, trimming any trailing slash from NEXT_PUBLIC_API_BASE_URL. All callers concatenate their own /api/... paths, so this change removes subtle bugs where a configured base like https://example.com/ would yield double slashes in requests.
The admin list, login, and transfer detail pages
(pages/admin/index.tsx:1-43, pages/admin/login.tsx:8-33, pages/admin/transfer/[id].tsx:26-55)
now import API_BASE_URL so every admin fetch uses ${API_BASE_URL}/api/... instead of assuming same-origin.
This unblocks deploying the admin frontend separately from the API server.
lib/session.ts:15-24 introduces the ADMIN_COOKIE_DOMAIN env toggle so the iron-session cookie can be scoped to a shared parent domain when the API and frontend run on different hosts. Any admin-side fetch that needs to send/receive the session cookie now opts in with credentials: "include" (pages/admin/index.tsx:19-24, pages/admin/login.tsx:18-33, pages/admin/transfer/[id].tsx:39-96), ensuring the browser actually forwards the cookie even when calling a cross-origin API_BASE_URL.
pages/admin/index.tsx:63-133 replaced the previous direct TransferModel query with a server-side fetch
to the new /api/admin/transfers endpoint, forwarding cookies and redirecting when the session has expired;
this allows the same page logic to run whether the UI is deployed with or without direct DB access.
pages/admin/transfer/[id].tsx:35-288 follows the same pattern for the detail view: list/detail fetches
come from ${API_BASE_URL}/api/admin/transfers/:id, session enforcement is centralized through withSessionSsr,
and HTTP errors (401/404) now short-circuit to login/not-found pages.
New API route files pages/api/admin/transfers/index.ts:1-43 and pages/api/admin/transfers/[id].ts:1-31 expose
paginated listing and detail lookups that were previously embedded in getServerSideProps, encapsulating
DB access behind adminSessionGuard.
42637c0 to 9343cb7
The admin UI now fetches transfer data through the new /api/admin/transfers endpoints (list and detail) instead of touching MongoDB directly, so SSR logic simply forwards cookies, handles 401/404 responses, and can run even when the frontend is deployed separately from the API/database.
…t frontend/backend deploys Handle CORS and preflight at API guard/route level so OPTIONS is processed before auth, and remove invalid global wildcard+credentials headers. Complete API_BASE_URL adoption across remaining frontend calls and tighten method handling/docs to prevent admin login/session breakage in separated frontend/backend setups.
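The ordering described in the commit above (CORS and preflight before auth, no wildcard origin alongside credentials), sketched as an added example that is not code from this PR. All function and type names are hypothetical, and treating CORS_ALLOWED_ORIGIN as a comma-separated list is an assumption.

```typescript
// Added illustration; every name here is hypothetical, not taken from the PR.
type GuardRequest = { method: string; origin?: string; hasSession: boolean };
type GuardResponse = { status: number; headers: Record<string, string> };

// Assumption: CORS_ALLOWED_ORIGIN may hold a comma-separated list of origins.
// The Origin header never ends in "/", so trailing slashes are stripped, and
// "*" is dropped because browsers reject a wildcard on credentialed requests.
function parseAllowed(raw: string): string[] {
  return raw
    .split(",")
    .map((o) => o.trim().replace(/\/+$/, ""))
    .filter((o) => o !== "" && o !== "*");
}

// Echo the caller's origin only on an exact allow-list match; otherwise emit
// no CORS headers, so the browser blocks the cross-origin read.
function corsHeaders(origin: string | undefined, allowed: string[]): Record<string, string> {
  if (!origin || allowed.indexOf(origin) === -1) return {};
  return {
    "Access-Control-Allow-Origin": origin,
    "Access-Control-Allow-Credentials": "true",
    "Access-Control-Allow-Methods": "GET,POST,OPTIONS",
    "Access-Control-Allow-Headers": "Content-Type",
    Vary: "Origin", // caches must not reuse a response across origins
  };
}

// Order matters: CORS headers first, preflight second, session check last.
function guard(req: GuardRequest, allowed: string[]): GuardResponse {
  const headers = corsHeaders(req.origin, allowed);
  // A preflight carries no cookie, so it must be answered before the auth check.
  if (req.method === "OPTIONS") return { status: 204, headers };
  // The 401 keeps its CORS headers so a trusted frontend can read the status.
  if (!req.hasSession) return { status: 401, headers };
  return { status: 200, headers };
}
```
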