load trustedOrigins from db

server/src/actions/sites/addSite.ts

@@ -11,7 +11,7 @@ export async function addSite(
 ) {
   const { domain, name } = request.body;
 
-  const session = await auth.api.getSession({
+  const session = await auth!.api.getSession({
     headers: fromNodeHeaders(request.headers),
   });
 

server/src/db/postgres/postgres.ts

@@ -110,7 +110,7 @@ export async function initializePostgres() {
     const user =
       await sql`SELECT count(*) FROM "user" WHERE username = 'admin'`;
     if (user.length === 0) {
-      auth.api.signUpEmail({
+      auth!.api.signUpEmail({
         body: {
           email: "test@test.com",
           username: "admin",

server/src/index.ts

@@ -20,9 +20,9 @@ import { getPages } from "./api/getPages.js";
 import { getPageViews } from "./api/getPageViews.js";
 import { getReferrers } from "./api/getReferrers.js";
 import { initializeClickhouse } from "./db/clickhouse/clickhouse.js";
-import { initializePostgres } from "./db/postgres/postgres.js";
+import { initializePostgres, sql } from "./db/postgres/postgres.js";
 import { cleanupOldSessions } from "./db/postgres/session-cleanup.js";
-import { auth } from "./lib/auth.js";
+import { auth, initAuth } from "./lib/auth.js";
 import { mapHeaders } from "./lib/betterAuth.js";
 
 const __filename = fileURLToPath(import.meta.url);
@@ -39,14 +39,17 @@ const server = Fastify({
 });
 
 // Register CORS
-server.register(cors, {
+server.register(async (fastify) => {
+  const domains = await sql`SELECT domain FROM sites`;
+  fastify.register(cors, {
     origin: [
       "http://localhost:3002",
       "https://tracking.tomato.gg",
-    "https://tomato.gg",
+      ...domains.map(({ domain }) => `https://${domain}`),
     ],
     credentials: true,
   });
+});
 
 // Serve static files
 server.register(fastifyStatic, {
@@ -54,6 +57,8 @@ server.register(fastifyStatic, {
   prefix: "/", // or whatever prefix you need
 });
 
+await initAuth();
+
 server.register(
   async (fastify, options) => {
     await fastify.register((fastify) => {
@@ -77,7 +82,7 @@ server.register(
       });
     });
   },
-  { auth }
+  { auth: auth! }
 );
 
 server.addHook("onRequest", async (request, reply) => {
@@ -99,7 +104,7 @@ server.addHook("onRequest", async (request, reply) => {
     const headers = new Headers(request.headers as HeadersInit);
 
     // Get session from BetterAuth
-    const session = await auth.api.getSession({ headers });
+    const session = await auth!.api.getSession({ headers });
 
     if (!session) {
       return reply.status(401).send({ error: "Unauthorized" });

server/src/lib/auth.ts

@@ -2,10 +2,18 @@ import { betterAuth } from "better-auth";
 import pg from "pg";
 import { username } from "better-auth/plugins";
 import dotenv from "dotenv";
+import { sql } from "../db/postgres/postgres.js";
 
 dotenv.config();
 
-export const auth = betterAuth({
+type AuthType = ReturnType<typeof betterAuth> | null;
+
+export let auth: AuthType | null = null;
+
+export const initAuth = async () => {
+  const domains = await sql`SELECT domain FROM sites`;
+  console.info(domains);
+  auth = betterAuth({
     basePath: "/auth",
     database: new pg.Pool({
       host: process.env.POSTGRES_HOST || "postgres",
@@ -22,6 +30,7 @@ export const auth = betterAuth({
       "http://localhost:3002",
       "http://localhost:3001",
       "https://tracking.tomato.gg",
-    "https://tomato.gg",
+      ...domains.map(({ domain }) => `https://${domain}`),
     ],
   });
+};