From e1f299fc8aaf43cfd63e9f117bae1d3fdee198c5 Mon Sep 17 00:00:00 2001
From: Bill Yang <45103519+goldflag@users.noreply.github.com>
Date: Sun, 16 Feb 2025 23:20:07 -0800
Subject: [PATCH] load trustedOrigins from db
---
 server/src/actions/sites/addSite.ts | 2 +-
 server/src/db/postgres/postgres.ts | 2 +-
 server/src/index.ts | 27 +++++++++-------
 server/src/lib/auth.ts | 49 +++++++++++++++++------------
 4 files changed, 47 insertions(+), 33 deletions(-)
diff --git a/server/src/actions/sites/addSite.ts b/server/src/actions/sites/addSite.ts
index 02b93df..39277eb 100644
--- a/server/src/actions/sites/addSite.ts
+++ b/server/src/actions/sites/addSite.ts
@@ -11,7 +11,7 @@ export async function addSite(
 ) {
 const { domain, name } = request.body;
- const session = await auth.api.getSession({
+ const session = await auth!.api.getSession({
 headers: fromNodeHeaders(request.headers),
 });
diff --git a/server/src/db/postgres/postgres.ts b/server/src/db/postgres/postgres.ts
index f1df90d..6c1e8b2 100644
--- a/server/src/db/postgres/postgres.ts
+++ b/server/src/db/postgres/postgres.ts
@@ -110,7 +110,7 @@ export async function initializePostgres() {
 const user = await sql`SELECT count(*) FROM "user" WHERE username = 'admin'`;
 if (user.length === 0) {
- auth.api.signUpEmail({
+ auth!.api.signUpEmail({
 body: {
 email: "test@test.com",
 username: "admin",
diff --git a/server/src/index.ts b/server/src/index.ts
index 100665a..37a6ef9 100644
--- a/server/src/index.ts
+++ b/server/src/index.ts
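Review bot: The `auth!` non-null assertion on the `getSession` call hides that `auth` is now `null` until `initAuth()` has resolved, so a call made before initialisation fails with an opaque TypeError rather than a clear error; the same assertion is repeated in the `postgres.ts` hunk and twice in `index.ts`. I would export an accessor from `lib/auth.ts`, for example `export function getAuth() { if (!auth) throw new Error("auth not initialized"); return auth; }`, and write `getAuth().api.getSession(...)` here. The body of `addSite` continues outside the hunk.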
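Review bot: `auth!.api.signUpEmail(...)` in `initializePostgres` is neither awaited nor guarded, while `auth` is now only assigned by `initAuth()`, which itself reads the `sites` table. If `initializePostgres` runs before `await initAuth()` (its call site is not visible in this patch) the seed step throws on a null `auth`, and if it runs afterwards a rejected sign-up goes unhandled; making the order explicit and writing `await auth.api.signUpEmail({ ... })` behind a null check covers both. This path also seeds a fixed `admin` / `test@test.com` account, so a comment marking it development-only, or an environment flag around it, would be worth adding. The function body continues outside the hunk.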
@@ -20,9 +20,9 @@ import { getPages } from "./api/getPages.js";
 import { getPageViews } from "./api/getPageViews.js";
 import { getReferrers } from "./api/getReferrers.js";
 import { initializeClickhouse } from "./db/clickhouse/clickhouse.js";
-import { initializePostgres } from "./db/postgres/postgres.js";
+import { initializePostgres, sql } from "./db/postgres/postgres.js";
 import { cleanupOldSessions } from "./db/postgres/session-cleanup.js";
-import { auth } from "./lib/auth.js";
+import { auth, initAuth } from "./lib/auth.js";
 import { mapHeaders } from "./lib/betterAuth.js";
 const __filename = fileURLToPath(import.meta.url);
@@ -39,13 +39,16 @@ const server = Fastify({
 });
 // Register CORS
-server.register(cors, {
- origin: [
- "http://localhost:3002",
- "https://tracking.tomato.gg",
- "https://tomato.gg",
- ],
- credentials: true,
+server.register(async (fastify) => {
+ const domains = await sql`SELECT domain FROM sites`;
+ fastify.register(cors, {
+ origin: [
+ "http://localhost:3002",
+ "https://tracking.tomato.gg",
+ ...domains.map(({ domain }) => `https://${domain}`),
+ ],
+ credentials: true,
+ });
 });
 // Serve static files
@@ -54,6 +57,8 @@ server.register(fastifyStatic, {
 prefix: "/", // or whatever prefix you need
 });
+await initAuth();
+
 server.register(
 async (fastify, options) => {
 await fastify.register((fastify) => {
@@ -77,7 +82,7 @@ server.register(
 });
 });
 },
- { auth }
+ { auth: auth! }
 );
 server.addHook("onRequest", async (request, reply) => {
@@ -99,7 +104,7 @@ server.addHook("onRequest", async (request, reply) => {
 const headers = new Headers(request.headers as HeadersInit);
 // Get session from BetterAuth
- const session = await auth!.api.getSession({ headers });
+ const session = await auth!.api.getSession({ headers });
 if (!session) {
 return reply.status(401).send({ error: "Unauthorized" });
diff --git a/server/src/lib/auth.ts b/server/src/lib/auth.ts
index 474a5ce..8bc8fd9 100644
--- a/server/src/lib/auth.ts
+++ b/server/src/lib/auth.ts
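Review bot: Registering `cors` inside the anonymous `async (fastify) => { ... }` plugin confines it to that child context, because Fastify encapsulates any plugin not wrapped with `fastify-plugin`; the routes and the `onRequest` hook registered on `server` further down would then likely receive no CORS handling. Since the file already uses top-level `await`, I would run the `sites` query first and call `await server.register(cors, { origin: [...], credentials: true });` on the root instance. The origin list is also read once at start-up, so a site added later through `addSite` is not allowed until the process restarts. Each `domain` is interpolated into a credentialed origin without validation, and the same pattern appears in `initAuth` in `lib/auth.ts`.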
@@ -2,26 +2,35 @@ import { betterAuth } from "better-auth";
 import pg from "pg";
 import { username } from "better-auth/plugins";
 import dotenv from "dotenv";
+import { sql } from "../db/postgres/postgres.js";
 dotenv.config();
-export const auth = betterAuth({
- basePath: "/auth",
- database: new pg.Pool({
- host: process.env.POSTGRES_HOST || "postgres",
- port: parseInt(process.env.POSTGRES_PORT || "5432", 10),
- database: process.env.POSTGRES_DB,
- user: process.env.POSTGRES_USER,
- password: process.env.POSTGRES_PASSWORD,
- }),
- emailAndPassword: {
- enabled: true,
- },
- plugins: [username()],
- trustedOrigins: [
- "http://localhost:3002",
- "http://localhost:3001",
- "https://tracking.tomato.gg",
- "https://tomato.gg",
- ],
-});
+type AuthType = ReturnType | null;
+
+export let auth: AuthType | null = null;
+
+export const initAuth = async () => {
+ const domains = await sql`SELECT domain FROM sites`;
+ console.info(domains);
+ auth = betterAuth({
+ basePath: "/auth",
+ database: new pg.Pool({
+ host: process.env.POSTGRES_HOST || "postgres",
+ port: parseInt(process.env.POSTGRES_PORT || "5432", 10),
+ database: process.env.POSTGRES_DB,
+ user: process.env.POSTGRES_USER,
+ password: process.env.POSTGRES_PASSWORD,
+ }),
+ emailAndPassword: {
+ enabled: true,
+ },
+ plugins: [username()],
+ trustedOrigins: [
+ "http://localhost:3002",
+ "http://localhost:3001",
+ "https://tracking.tomato.gg",
+ ...domains.map(({ domain }) => `https://${domain}`),
+ ],
+ });
+};
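Review bot: Every `domain` row in `sites` becomes a `trustedOrigins` entry in `initAuth` (and a credentialed CORS origin in `index.ts`) with no validation, so whoever can insert a site row effectively decides which origins the auth layer trusts; a value carrying a wildcard, port or path would presumably be passed through unchanged. I would normalise each value and accept only plain hostnames before building the list, and reconsider whether tracked sites need to be trusted for authentication at all rather than only for event ingestion. `console.info(domains)` looks like leftover debugging and should be removed. `AuthType` already includes `null`, so `AuthType | null` on `auth` is redundant, and because the list is built once at start-up later `addSite` calls are not reflected.
```typescript
// Constructed example of a strict hostname check; adapt to the project's rules.
const SITE_HOSTNAME = /^(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$/;

export const initAuth = async () => {
  const rows = await sql`SELECT domain FROM sites`;
  const siteOrigins = rows
    .map(({ domain }) => String(domain).trim().toLowerCase())
    .filter((host) => SITE_HOSTNAME.test(host))
    .map((host) => `https://${host}`);
  auth = betterAuth({
    // … unchanged: basePath, database pool, emailAndPassword, plugins …
    trustedOrigins: [
      // … unchanged: the three fixed origins …
      ...siteOrigins,
    ],
  });
};
```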