airi/apps/server/README.md
Lulu 98b1b9c34f
feat(server): env-based trusted origins for Capacitor dev (#1763)
## Description

Adds optional env **`ADDITIONAL_TRUSTED_ORIGINS`**: comma-separated
browser origins that are trusted for **CORS (`/api/*`)**, **Stripe
return URLs**, **Better Auth `trustedOrigins`**, and **dynamic web OIDC
redirect URIs**.

LAN / non-localhost Capacitor dev (e.g. Pocket + Vite on
`https://10.x:5273`) no longer relies on broad private-IP regex;
operators list exact origins in `.env.local` and restart the API server
after changes.

## Linked Issues

<!-- N/A -->

## Additional Context

Pocket iOS dev workflow: `cap`/`capacitor.config` often points at a LAN
HTTPS origin; without this allowlist the API rejects those
`Origin`/`Referer`/`redirect_uri` bases. Review can stay focused on
**`apps/server/src/libs/env.ts`**,
**`apps/server/src/utils/origin.ts`**, and wiring in **`app.ts`**,
**Stripe**, **auth routes**.
2026-05-14 16:17:13 +08:00

# @proj-airi/server

HTTP and WebSocket backend for AIRI. This app owns auth, billing, chat synchronization, gateway forwarding, and server-side observability export.

## What It Does

- Serves the Hono-based API and WebSocket endpoints.
- Uses Postgres as the source of truth for users, billing, and durable state.
- Uses Redis for cache, KV, Pub/Sub, and Streams.
- Forwards GenAI requests to the configured upstream gateway and records billing from usage.
- Exports traces, metrics, and logs through OpenTelemetry.

## How To Use It

Install dependencies from the repo root and run scoped commands:

```sh
pnpm -F @proj-airi/server typecheck
pnpm -F @proj-airi/server exec vitest run
pnpm -F @proj-airi/server build
```

For local observability infrastructure, use:

```sh
docker compose -f apps/server/docker-compose.otel.yml up -d
```

### `ADDITIONAL_TRUSTED_ORIGINS` (LAN / Capacitor dev)

When the mobile dev server uses a non-localhost origin (for example `https://10.x.x.x:5273` from `cap copy ios` / `capacitor.config.json`), set `ADDITIONAL_TRUSTED_ORIGINS` in `apps/server/.env.local` to a comma-separated list of exact origins (parsed and normalized at startup). Example:

```sh
ADDITIONAL_TRUSTED_ORIGINS=https://10.0.0.129:5273,https://198.18.0.1:5273
```

Restart the API server after changing this variable.
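
One way to implement the parse-and-normalize step and the exact-origin check described above, as an added example that is not the project's code in `apps/server/src/utils/origin.ts`. The function names and the rejection rules (wildcards, paths, non-HTTP schemes) are assumptions.

```typescript
// Added illustration. tryParse, parseTrustedOrigins and isTrustedOrigin are
// hypothetical names, not the functions in apps/server/src/utils/origin.ts.
function tryParse(value: string): URL | null {
  try {
    return new URL(value)
  } catch {
    return null
  }
}

// Turn the comma-separated env value into a set of normalized exact origins.
function parseTrustedOrigins(raw: string | undefined): Set<string> {
  const origins = new Set<string>()
  for (const entry of (raw ?? '').split(',')) {
    const value = entry.trim()
    if (value === '') continue // tolerate trailing commas and an unset variable
    // Exact origins only: a pattern would bring back broad matching.
    if (value.includes('*')) throw new Error(`wildcard not allowed: ${value}`)
    const url = tryParse(value)
    if (url === null) throw new Error(`not an absolute URL: ${value}`)
    if (url.protocol !== 'http:' && url.protocol !== 'https:')
      throw new Error(`unsupported scheme: ${value}`)
    // An origin is scheme + host + port; anything more is a pasted full URL.
    if (url.pathname !== '/' || url.search || url.hash || url.username || url.password)
      throw new Error(`not a bare origin: ${value}`)
    origins.add(url.origin) // lowercases scheme and host, drops default ports
  }
  return origins
}

// Check an Origin header or a redirect_uri by reducing it to its origin and
// comparing exactly; prefix and substring matching are deliberately avoided.
function isTrustedOrigin(candidate: string, trusted: Set<string>): boolean {
  const url = tryParse(candidate)
  // "null", empty and malformed values are never trusted.
  return url !== null && trusted.has(url.origin)
}

// Constructed sample input based on the example value in this README.
const sampleTrusted = parseTrustedOrigins(' HTTPS://10.0.0.129:5273/ ,https://198.18.0.1:5273,')
console.log(Array.from(sampleTrusted))
console.log(isTrustedOrigin('https://10.0.0.129:5273/auth/callback', sampleTrusted)) // true
console.log(isTrustedOrigin('https://10.0.0.129.example.test:5273', sampleTrusted)) // false
```

Failing at startup on a malformed entry keeps a typo in `.env.local` from silently widening or narrowing the allowlist.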