Minor bug fixes #1

[Yusuf023]

List of bugs fixed:
React version mismatch with dependencies - Rolled back to React v18 and Next.js v14 to sync with external libraries that do not support React v19

Cors resolution - Fixed Cors issues in auth flow and proxy

API URL Correction - Changed meeting baas API URL from staging api to live api

Auth redirect issue - Corrected auth redirect url to redirect to web URL instead of API endpoint
IMPORTANT: Requires creating a new .env key in root env named VITE_WEB_URL with value as the URL of the web app (https://app.transcriptseeker.com/)

Runtime error fix: fixed error on settings page when user isn't authenticated

[coderabbitai]

Summary by CodeRabbit

• New Features

  • Introduced a dynamic web URL setting that now drives social sign–in callbacks and API routing.
  • Added middleware to improve handling of CORS and proxy requests for both API endpoints and file transfers.
  • Enhanced session state management, providing clearer feedback during loading and error conditions.

• Documentation

  • Updated configuration examples and setup instructions with corrected endpoint URLs and new environment variable guidance.

• Chores

  • Revised dependency versions and streamlined configuration settings, including updated protocols for local development.

Walkthrough

This pull request introduces several updates to the project's configuration and dependencies. New environment variables, including VITE_WEB_URL and NITRO_WEB_URL, are added, while existing API URLs are corrected to remove hyphens. Middleware enhancements improve CORS handling and API proxying for MeetingBaas and S3 endpoints. The authentication configuration in the API and session management in web components are refined. Additionally, package dependencies transition from React 19-specific versions to more general or React 18 specifications, along with adjustments to project tooling configurations like .gitignore, pnpm-workspace, and turbo.json.

Changes

File(s) / Group	Change Summary
.env.example, apps/api/.env.example, apps/proxy/.env.example	Added/updated environment variables: new VITE_WEB_URL and NITRO_WEB_URL, and corrected MEETINGBAAS_API_URL / NITRO_MEETINGBAAS_API_URL (removed hyphen).
.gitignore	Added entry to ignore .pnpm-store/*.
apps/api/README.md	Added NITRO_WEB_URL in the setup instructions.
apps/api/src/lib/auth.ts	Added a new trustedOrigins property to the authentication configuration.
apps/docs/content/docs/concepts/environment-variables.mdx, apps/docs/next.config.mjs	Updated documentation URL references and removed the serverExternalPackages property.
apps/proxy/nitro.config.ts	Updated runtime configuration: corrected MEETINGBAAS_API_URL and added a new constant NITRO_WEB_URL, replacing the old routeRules with a runtimeConfig section.
apps/proxy/package.json	Added a new dependency: "h3-proxy": "^1.13.0".
apps/proxy/server/middleware/cors.ts, apps/proxy/server/middleware/meetingbaas-proxy.ts, apps/proxy/server/middleware/s3-proxy.ts	Introduced new middleware for CORS handling and proxying for MeetingBaas and S3 endpoints.
apps/web/package.json, package.json, packages/shared/package.json, packages/ui/package.json, pnpm-workspace.yaml	Updated dependency version specifications: shifted from specific React 19 catalog entries to more general or React 18-based references, and updated versions for Next, React, and associated type definitions.
turbo.json	Added VITE_WEB_URL to the globalEnv array.
apps/web/src/components/settings/settings-form.tsx, apps/web/src/lib/constants.ts, apps/web/src/routes/login.tsx	Enhanced session state handling and error reporting in the settings form; introduced the VITE_WEB_URL constant in web components and used it to create a dynamic login callback URL.

Sequence Diagram(s)

sequenceDiagram
    participant Client
    participant Proxy as "Proxy Middleware"
    participant API as "MeetingBaas API"
    
    Client->>Proxy: Send request to /api/meetingbaas/...
    Proxy->>API: Rewrite URL and forward request
    API-->>Proxy: Return API response
    Proxy-->>Client: Deliver response

Loading

sequenceDiagram
    participant User
    participant Browser
    participant WebApp as "Login Route"
    participant Auth as "Authentication Service"
    
    User->>Browser: Navigate to Login Page
    Browser->>WebApp: Load login component (with VITE_WEB_URL)
    WebApp->>Auth: Call signIn.social(callbackURL from VITE_WEB_URL)
    Auth-->>WebApp: Return authentication result
    WebApp-->>Browser: Render login outcome

Loading

Poem

Oh, I hopped into a code-filled glade,
Where VITE_WEB_URL and NITRO_WEB_URL were laid.
API paths now shine without a dash in sight,
Middleware whispers send data just right.
With catalog changes and settings so bright,
My rabbit heart dances in pure delight! 🐰✨

Tip

⚡💬 Agentic Chat (Pro Plan, General Availability)

• We're introducing multi-step agentic chat in review comments and issue comments, within and outside of PR's. This feature enhances review and issue discussions with the CodeRabbit agentic chat by enabling advanced interactions, including the ability to create pull requests directly from comments and add commits to existing pull requests.

---

📜 Recent review details

Configuration used: CodeRabbit UI
Review profile: ASSERTIVE
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between e055aea and ffcedc8.

📒 Files selected for processing (4)

• .env.example (1 hunks)
• CONTRIBUTING.md (2 hunks)
• apps/proxy/server/middleware/cors.ts (1 hunks)
• apps/web/package.json (3 hunks)

🧰 Additional context used

🪛 LanguageTool

CONTRIBUTING.md

[uncategorized] ~94-~94: Loose punctuation mark.
Context: ...Default is 0.0.0.0. - VITE_PROXY_URL: URL to the proxy server. This can be us...

(UNLIKELY_OPENING_PUNCTUATION)

🔇 Additional comments (9)

CONTRIBUTING.md (2)

94-94: Updated proxy URL protocol in documentation

The example URL for VITE_PROXY_URL has been updated from HTTPS to HTTP, which aligns with the changes in .env.example. This ensures consistency in documentation and actual configuration examples.

🧰 Tools

🪛 LanguageTool

[uncategorized] ~94-~94: Loose punctuation mark.
Context: ...Default is 0.0.0.0. - VITE_PROXY_URL: URL to the proxy server. This can be us...

(UNLIKELY_OPENING_PUNCTUATION)

---

132-132: Improved document formatting

Added a blank line before the code block for lint fixes, improving readability and consistency with other sections in the document.

.env.example (3)

6-6: Protocol change for VITE_PROXY_URL

Changed the proxy URL from HTTPS to HTTP for local development, which resolves potential CORS issues when working with localhost. This is a sensible default for development environments.

---

9-9: Protocol change for VITE_API_URL

Updated API URL protocol from HTTPS to HTTP for local development, maintaining consistency with other URL changes and simplifying local development setup.

---

11-12: Added VITE_WEB_URL environment variable

This new environment variable is crucial for the authentication redirect fix mentioned in the PR objectives. It correctly points to the web application URL instead of the API endpoint for authentication callbacks.

apps/proxy/server/middleware/cors.ts (4)

1-3: Added necessary imports for CORS middleware

The imports for useRuntimeConfig, defineEventHandler, and handleCors are correctly included, making the middleware functional.

---

4-6: Proper event handler setup with config validation

The middleware correctly uses defineEventHandler and includes error handling for the trustedOrigins configuration, addressing a previous review comment.

---

7-14: Well-configured CORS settings

The CORS configuration is comprehensive, properly handling:

• Dynamic trusted origins (from runtime config)
• Preflight requests with appropriate status code
• Credentials support for authenticated requests
• All HTTP methods

This implementation helps resolve the CORS issues mentioned in the PR objectives.

---

16-20: Proper request flow handling

The middleware correctly exits early when CORS is handled and includes a comment about continuing to the next handler for non-CORS requests, addressing a previous review comment.

✨ Finishing Touches

• 📝 Generate Docstrings

---

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai plan to trigger planning for file edits and PR creation.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 7

📜 Review details

Configuration used: CodeRabbit UI
Review profile: ASSERTIVE
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 3b831dd and 093bea3.

⛔ Files ignored due to path filters (1)

• pnpm-lock.yaml is excluded by !**/pnpm-lock.yaml

📒 Files selected for processing (23)

• .env.example (1 hunks)
• .gitignore (1 hunks)
• apps/api/.env.example (1 hunks)
• apps/api/README.md (1 hunks)
• apps/api/src/lib/auth.ts (1 hunks)
• apps/docs/content/docs/concepts/environment-variables.mdx (2 hunks)
• apps/docs/next.config.mjs (0 hunks)
• apps/docs/package.json (2 hunks)
• apps/proxy/.env.example (1 hunks)
• apps/proxy/nitro.config.ts (2 hunks)
• apps/proxy/package.json (1 hunks)
• apps/proxy/server/middleware/cors.ts (1 hunks)
• apps/proxy/server/middleware/meetingbaas-proxy.ts (1 hunks)
• apps/proxy/server/middleware/s3-proxy.ts (1 hunks)
• apps/web/package.json (3 hunks)
• apps/web/src/components/settings/settings-form.tsx (2 hunks)
• apps/web/src/lib/constants.ts (1 hunks)
• apps/web/src/routes/login.tsx (2 hunks)
• package.json (2 hunks)
• packages/shared/package.json (1 hunks)
• packages/ui/package.json (1 hunks)
• pnpm-workspace.yaml (1 hunks)
• turbo.json (1 hunks)

💤 Files with no reviewable changes (1)

• apps/docs/next.config.mjs

🧰 Additional context used

🧬 Code Graph Analysis (1)

apps/web/src/routes/login.tsx (1)

apps/web/src/lib/constants.ts (1)

• VITE_WEB_URL (3-3)

🔇 Additional comments (32)

packages/shared/package.json (1)

28-28: Approved: React typings dependency update

The change from "catalog:react19" to "catalog:" aligns with the PR objective of rolling back React from v19 to v18 for better compatibility with external libraries.

packages/ui/package.json (1)

95-95: Approved: React dependencies updated consistently

The changes from "catalog:react19" to "catalog:" for both direct and peer dependencies of React and its type definitions align with the PR objective of rolling back from React v19 to v18 for better compatibility with external libraries.

Also applies to: 98-98, 103-103

apps/web/src/lib/constants.ts (1)

3-3: Approved: New web URL constant added

Adding the VITE_WEB_URL constant properly exports the environment variable required for fixing the authentication redirect URL, as mentioned in the PR objectives. This ensures the authentication flow redirects to the web URL instead of the API endpoint.

.env.example (1)

11-12: Approved: Web app URL environment variable added

The addition of the VITE_WEB_URL environment variable with its default local development value matches the PR requirements for fixing the authentication redirect issue. The comment clearly explains the variable's purpose.

apps/api/README.md (1)

11-13: Clear Addition of NITRO_WEB_URL
The new environment variable NITRO_WEB_URL is clearly documented alongside the other required variables. This enhances clarity for deployment configuration.

turbo.json (1)

52-58: Correct Inclusion of VITE_WEB_URL in Global Environment
Adding "VITE_WEB_URL" to the globalEnv array ensures that tasks relying on environment configurations can access the web URL consistently. Please verify that the corresponding .env.example has the expected value.

.gitignore (1)

8-9: New Ignored Directory Addition
The addition of .pnpm-store/* in the .gitignore file prevents inadvertent tracking of pnpm store artifacts, keeping the repository clean.

apps/api/.env.example (1)

1-3: API URL Correction Confirmed
The update of MEETINGBAAS_API_URL to "https://api.meetingbaas.com" (without the hyphen) aligns with the live API endpoint. This correction should resolve issues stemming from the previous URL mismatch.

apps/proxy/package.json (1)

33-37: Dependency Updates Verified
The introduction of the h3-proxy dependency (^1.13.0) in the dependencies section is appropriate for supporting new middleware features. Additionally, the version declaration for firebase-functions-test appears consistent. Ensure that any middleware using h3-proxy is thoroughly tested after this change.

apps/api/src/lib/auth.ts (1)

9-9: Good addition of CORS trusted origins configuration

Adding the trustedOrigins property to the betterAuth configuration is a good solution for the CORS issues mentioned in the PR objectives. This implementation properly reads from the environment variable and has a sensible fallback.

apps/docs/content/docs/concepts/environment-variables.mdx (2)

187-187: API URL correction is consistent with PR objectives

The update to MEETINGBAAS_API_URL removes the hyphen in the domain, changing from api.meeting-baas.com to api.meetingbaas.com, which aligns with the PR objective to correct the API URL for Meeting Baas.

---

255-255: Consistent API URL update

This change correctly updates the same MEETINGBAAS_API_URL in the API configuration section, maintaining consistency across the documentation.

apps/web/src/routes/login.tsx (2)

8-8: Good import of environment-based web URL constant

Adding this import is a good first step to making the callback URL configurable via environment variables, which addresses the auth redirect issue mentioned in the PR objectives.

---

27-27: Auth redirect URL fix implemented correctly

This change properly implements the fix for the auth redirect issue by using the VITE_WEB_URL environment variable to dynamically construct the callback URL instead of hardcoding it. This ensures the auth flow redirects to the web URL as specified in the PR objectives.

apps/proxy/.env.example (2)

2-2: Consistent API URL correction

This update correctly changes the MeetingBaas API URL to remove the hyphen, which aligns with the changes made in the documentation and addresses the API URL correction objective mentioned in the PR.

---

4-4: Good addition of web URL environment variable

Adding NITRO_WEB_URL provides the necessary configuration for the auth redirect fix mentioned in the PR objectives. This variable will be important for maintaining proper redirection in the authentication flow.

Verify that the corresponding variable has been added to your deployment environments as well, not just in the .env.example file.

apps/proxy/server/middleware/meetingbaas-proxy.ts (1)

6-12: Good implementation of API routing with path rewriting

This proxy middleware correctly implements the path rewriting to route requests from /api/meetingbaas/** to the Meeting Baas API URL. This aligns with the PR objective to update the API URL from staging to live.

apps/proxy/server/middleware/s3-proxy.ts (1)

6-12: Well-structured S3 proxy implementation

The S3 proxy middleware is well implemented with appropriate path rewriting and filtering. This supports the CORS resolution mentioned in the PR objectives.

package.json (1)

41-42: React dependency changes aligned with PR objectives

Updating React type dependencies from "catalog:react19" to "catalog:" aligns with the PR objective to roll back from React v19 to v18 for compatibility with external libraries.

apps/proxy/nitro.config.ts (3)

6-6: Approve API URL correction

The Meeting Baas API URL has been updated by removing the hyphen, changing from meeting-baas.com to meetingbaas.com. This aligns with the PR objective to update the API URL.

---

9-9: Approve web URL configuration

Adding the NITRO_WEB_URL constant with a default value provides proper fallback while allowing for environment-specific configuration.

---

14-17: Approve runtime configuration addition

The new runtimeConfig section properly exposes trusted origins and API URLs to the application. This change correctly addresses the CORS issues mentioned in the PR objectives.

pnpm-workspace.yaml (1)

14-18: Approve React and Next.js version rollback

The catalog entries have been correctly updated to use React 18 (^18.3.0) and Next.js 14 (^14.2.25), which aligns with the PR objective to ensure compatibility with external libraries that don't support React v19.

apps/web/package.json (1)

67-68: Approve type definitions update

The type definitions have been correctly updated to use the catalog entries for React 18.

apps/web/src/components/settings/settings-form.tsx (3)

98-98: Approve session error handling addition

Adding the error property from useSession is a good improvement that enables proper error handling in the component.

---

254-258: Approve improved session display logic

The conditional rendering has been enhanced to properly handle three states (loading, error, authenticated), which addresses the runtime error mentioned in the PR objectives.

---

261-267: Approve login/logout button logic

The conditions for showing SignOut and Login buttons have been updated to correctly respond to authentication state, fixing the runtime error that occurred when a user was not authenticated.

apps/docs/package.json (5)

36-36: Next.js Dependency Update Verification.
Please verify that the catalog reference for Next.js indeed resolves to the intended version (as per PR objectives, it should target Next.js v14) to ensure compatibility with the external libraries.

---

38-38: React Dependency Update Check.
Confirm that the catalog reference for React is resolving to version 18 rather than v19, in line with the compatibility rollback described in the PR objectives.

---

39-39: React-DOM Version Confirmation.
Ensure that the catalog reference for React-DOM resolves to the correct version (v18) so that it remains consistent with the React version update.

---

60-60: Type Definitions (@types/react) Validation.
Verify that the catalog reference used for "@types/react" aligns with the intended React version (v18) across the project to avoid any type mismatches.

---

61-61: Type Definitions (@types/react-dom) Check.
Ensure that the catalog reference for "@types/react-dom" matches the expected version for React-DOM to maintain consistency with the React dependency.

[coderabbitai]

🧹 Nitpick (assertive)

Missing default handler for non-CORS requests

The middleware returns early if CORS is handled, but doesn't provide a default path for when CORS isn't handled. This might lead to incomplete request processing if this is the only middleware in the chain.

   if (corsHandled) {
     return;
   }
+  // Continue to the next handler for non-CORS requests
 });

Committable suggestion skipped: line range outside the PR's diff.

[coderabbitai]

Actionable comments posted: 3

♻️ Duplicate comments (1)

apps/proxy/server/middleware/cors.ts (1)

15-18: 🧹 Nitpick (assertive)

Missing default handler for non-CORS requests

The middleware returns early if CORS is handled, but doesn't provide a default path for when CORS isn't handled. This might lead to incomplete request processing.

  if (corsHandled) {
    return;
  }
+  // Continue to the next handler for non-CORS requests
});

📜 Review details

Configuration used: CodeRabbit UI
Review profile: ASSERTIVE
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 093bea3 and 88a820a.

📒 Files selected for processing (2)

• apps/proxy/server/middleware/cors.ts (1 hunks)
• apps/proxy/server/middleware/meetingbaas-proxy.ts (1 hunks)

🔇 Additional comments (4)

apps/proxy/server/middleware/cors.ts (2)

1-3: Proper imports added ✓

The imports for H3 and Nitro functions have been correctly added as suggested in previous reviews.

---

4-14: CORS middleware implementation looks good

The CORS middleware properly configures allowed origins from runtime config, handles preflight requests, and sets appropriate CORS headers.

apps/proxy/server/middleware/meetingbaas-proxy.ts (2)

1-3: Proper imports added ✓

The imports for eventHandler and useRuntimeConfig have been correctly added as suggested in previous reviews.

---

5-17: Proxy implementation matches PR objectives

The proxy middleware correctly implements the Meeting Baas API URL correction mentioned in the PR objectives. The implementation looks good with appropriate path rewriting and filtering.

[coderabbitai]

Actionable comments posted: 1

📜 Review details

Configuration used: CodeRabbit UI
Review profile: ASSERTIVE
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 88a820a and 0eda86e.

📒 Files selected for processing (1)

• apps/proxy/server/middleware/s3-proxy.ts (1 hunks)

🔇 Additional comments (2)

apps/proxy/server/middleware/s3-proxy.ts (2)

6-6:

❓ Verification inconclusive

Verify the configuration value in your environment.

Since the PR mentions updating API URLs from staging to live, ensure that the meetingBaasS3Url configuration is correctly set in your environment files to point to the live S3 endpoint.

---

🏁 Script executed:

#!/bin/bash
# Check the configuration for S3 URL in proxy app
echo "Checking for meetingBaasS3Url configuration..."
rg "meetingBaasS3Url" apps/proxy

Length of output: 372

---

Action Required: Confirm MEETINGBAAS_S3_URL is Set to the Live S3 Endpoint

The configuration for meetingBaasS3Url is correctly referenced in apps/proxy/nitro.config.ts (using MEETINGBAAS_S3_URL) and injected into apps/proxy/server/middleware/s3-proxy.ts. However, since this PR updates API URLs from staging to live, please double-check that the MEETINGBAAS_S3_URL environment variable in your live deployment is pointing to the correct live S3 endpoint.

---

13-13:

❓ Verification inconclusive

Consider adding CORS-related headers if needed for S3 access.

Since this PR addresses CORS issues, verify if this S3 proxy also needs CORS headers for browser access. If your frontend directly communicates with this endpoint, you might need to handle preflight requests and add appropriate CORS headers.

Consider running the following test to check if frontend requests to this endpoint work properly:

---

🏁 Script executed:

#!/bin/bash
# Check if there are any frontend calls to the S3 proxy
echo "Checking for frontend calls to S3 proxy endpoint..."
rg --type=js --type=ts --type=tsx --type=jsx "/api/s3" apps/web

Length of output: 204

---

Action Required: Manually Verify Frontend Usage for S3 Proxy CORS Handling

The S3 proxy implementation in apps/proxy/server/middleware/s3-proxy.ts (line 13) currently does not include CORS headers, which might be necessary if a frontend directly accesses this endpoint. An automated search for /api/s3 in the apps/web directory returned an error (unrecognized file type: tsx), so we couldn’t confidently determine if there are frontend calls to this endpoint.

Next Steps:

• Manually verify if any frontend code calls /api/s3.
• If such calls exist, update the proxy to handle preflight requests and include appropriate CORS headers.