Save current main work to dev-ai branch

Author: AlkenD

apps/api/Dockerfile

@@ -1,5 +1,5 @@
 # Build stage
-FROM node:18-alpine AS builder
+FROM node:20-alpine AS builder
 
 WORKDIR /app
 
@@ -8,42 +8,60 @@ RUN npm install -g pnpm
 
 # Copy workspace files
 COPY package.json pnpm-lock.yaml pnpm-workspace.yaml ./
-COPY apps/api/package.json ./apps/api/
-COPY packages/typescript-config ./packages/typescript-config/
 COPY turbo.json ./
 
-# Install dependencies
+# Copy all package.json files to establish workspace structure
+COPY apps/api/package.json ./apps/api/
+COPY apps/web/package.json ./apps/web/
+COPY packages/ ./packages/
+
+# Install all dependencies
 RUN pnpm install --frozen-lockfile
 
-# Copy source code
+# Copy source code for both API and web app
 COPY apps/api ./apps/api
+COPY apps/web ./apps/web
 
 # Generate Prisma Client
 WORKDIR /app/apps/api
 RUN pnpm prisma generate
 
-# Build application
-RUN pnpm build
+# Build both API and web app from the monorepo root to handle dependencies properly
+WORKDIR /app
+RUN pnpm turbo build --filter=api --filter=web
 
 # Production stage
-FROM node:18-alpine AS production
+FROM node:20-alpine AS production
 
 WORKDIR /app
 
 # Install pnpm
 RUN npm install -g pnpm
 
-# Copy package files
-COPY --from=builder /app/apps/api/package.json ./
+# Create minimal workspace structure for production
+COPY --from=builder /app/package.json ./
 COPY --from=builder /app/pnpm-lock.yaml ./
+COPY --from=builder /app/pnpm-workspace.yaml ./
 
-# Install production dependencies only
-RUN pnpm install --prod --frozen-lockfile
+# Copy API package.json and any required workspace packages
+COPY --from=builder /app/apps/api/package.json ./apps/api/
+COPY --from=builder /app/packages/typescript-config ./packages/typescript-config/
 
-# Copy built files and prisma
+# Install only production dependencies for the API and its workspace dependencies
+RUN pnpm install --prod --frozen-lockfile --filter=api
+
+# Switch to the api directory for runtime
+WORKDIR /app/apps/api
+
+# Copy built application files to the correct location
 COPY --from=builder /app/apps/api/dist ./dist
 COPY --from=builder /app/apps/api/prisma ./prisma
+# Ensure generated Prisma client is available in both locations for compatibility
 COPY --from=builder /app/apps/api/src/generated ./src/generated
+RUN mkdir -p ./dist/generated && cp -r ./src/generated/* ./dist/generated/
+
+# Copy built web app files so the API can serve them
+COPY --from=builder /app/apps/web/dist ./web/dist
 
 # Copy entrypoint script
 COPY apps/api/docker-entrypoint.sh /usr/local/bin/

apps/api/src/config/env.ts

@@ -35,7 +35,7 @@ const envSchema = z.object({
     .default("info"),
 
   // CORS
-  CORS_ORIGIN: z.string().default("http://localhost:5173"),
+  CORS_ORIGIN: z.string().default("http://localhost:3000"),
   WEB_URL: z.string().optional(),
   APP_URL: z.string().default("http://localhost:3000"),
 

apps/api/src/index.ts

@@ -5,6 +5,9 @@ import compression from "compression";
 import morgan from "morgan";
 import swaggerUi from "swagger-ui-express";
 import cookieParser from "cookie-parser";
+import path from "path";
+import { fileURLToPath } from "url";
+import { networkInterfaces } from "os";
 
 // Configuration
 import { env } from "./config/env.js";
@@ -92,22 +95,56 @@ app.use(
 // Specific routes below will have their own more restrictive limits
 app.use("/api/", rateLimiters.standard);
 
-// CORS configuration
-app.use(
-  cors({
-    origin: env.CORS_ORIGIN.split(",").map((origin) => origin.trim()),
-    credentials: true,
-    methods: ["GET", "POST", "PUT", "PATCH", "DELETE", "OPTIONS"],
-    allowedHeaders: [
-      "Content-Type",
-      "Authorization",
-      "x-csrf-token",
-      "cookie",
-      "set-cookie",
-    ],
-    exposedHeaders: ["set-cookie"],
-  })
-);
+// CORS configuration - allow localhost and LAN access
+const corsOrigins = env.CORS_ORIGIN.split(",").map((origin) => origin.trim());
+
+// Add dynamic origin checking for LAN access
+const corsOptions = {
+  origin: (
+    origin: string | undefined,
+    callback: (err: Error | null, allow?: boolean) => void
+  ) => {
+    // Allow requests with no origin (like mobile apps, Postman, etc.)
+    if (!origin) return callback(null, true);
+
+    // Check if origin matches any of our configured origins
+    const isConfiguredOrigin = corsOrigins.some((configuredOrigin) => {
+      if (configuredOrigin === origin) return true;
+      // Allow any localhost or LAN IP on our port
+      if (
+        configuredOrigin.includes("localhost") &&
+        origin.includes("localhost")
+      )
+        return true;
+      if (configuredOrigin.includes(":3000") && origin.includes(":3000")) {
+        // Allow any IP address on port 3000 (LAN access)
+        const lanIpRegex = /^https?:\/\/([0-9]{1,3}\.){3}[0-9]{1,3}:3000$/;
+        return lanIpRegex.test(origin);
+      }
+      return false;
+    });
+
+    if (isConfiguredOrigin) {
+      callback(null, true);
+    } else {
+      // Log the blocked origin for debugging
+      logger.info(`CORS blocked origin: ${origin}`);
+      callback(new Error("Not allowed by CORS"));
+    }
+  },
+  credentials: true,
+  methods: ["GET", "POST", "PUT", "PATCH", "DELETE", "OPTIONS"],
+  allowedHeaders: [
+    "Content-Type",
+    "Authorization",
+    "x-csrf-token",
+    "cookie",
+    "set-cookie",
+  ],
+  exposedHeaders: ["set-cookie"],
+};
+
+app.use(cors(corsOptions));
 
 // Compression - Reduce response size
 app.use(compression());
@@ -213,6 +250,28 @@ app.get("/metrics", metricsHandler);
 // CSRF token endpoint (for web clients)
 app.get("/api/v1/csrf-token", csrfTokenHandler);
 
+// Server info endpoint for LAN discovery
+app.get("/api/v1/server-info", (_req, res) => {
+  const interfaces = networkInterfaces();
+  const lanIps: string[] = [];
+
+  // Find all LAN IP addresses
+  Object.values(interfaces).forEach((netInterface) => {
+    netInterface?.forEach((details) => {
+      if (details.family === "IPv4" && !details.internal) {
+        lanIps.push(details.address);
+      }
+    });
+  });
+
+  res.json({
+    port: env.PORT,
+    lanIps,
+    urls: lanIps.map((ip) => `http://${ip}:${env.PORT}`),
+    localhost: `http://localhost:${env.PORT}`,
+  });
+});
+
 // ────────────────────────────────────────────────────────────────────────────
 // Health Check Routes (no versioning, no rate limiting)
 // ────────────────────────────────────────────────────────────────────────────
@@ -249,6 +308,55 @@ app.use(`${API_V1}/comics`, csrfProtection, comicsRouter);
 app.use(`${API_V1}/search`, rateLimiters.search, searchRouter); // GET requests, no CSRF needed
 app.use(`${API_V1}/bulk`, csrfProtection, bulkRouter);
 
+// ────────────────────────────────────────────────────────────────────────────
+// Static File Serving (Web App)
+// ────────────────────────────────────────────────────────────────────────────
+
+// Get the current file directory for path resolution
+const __filename = fileURLToPath(import.meta.url);
+const __dirname = path.dirname(__filename);
+
+// Path to the built web app static files
+// In development: ../../web/dist (relative to src/)
+// In production Docker: ../web/dist (relative to dist/)
+const webDistPath =
+  process.env.NODE_ENV === "production"
+    ? path.join(__dirname, "../web/dist")
+    : path.join(__dirname, "../../../web/dist");
+
+// Serve static files from the web app build directory
+app.use(
+  express.static(webDistPath, {
+    maxAge: env.NODE_ENV === "production" ? "1y" : "0", // Cache for 1 year in production
+    etag: true,
+    lastModified: true,
+    setHeaders: (res, path) => {
+      // Set proper MIME types for JavaScript and CSS files
+      if (path.endsWith(".js")) {
+        res.setHeader("Content-Type", "application/javascript");
+      } else if (path.endsWith(".css")) {
+        res.setHeader("Content-Type", "text/css");
+      }
+    },
+  })
+);
+
+// Handle client-side routing - serve index.html for all non-API routes
+app.get("*", (req, res, next) => {
+  // Skip if this is an API route, health check, metrics, or docs
+  if (
+    req.path.startsWith("/api") ||
+    req.path.startsWith("/health") ||
+    req.path.startsWith("/metrics") ||
+    req.path.startsWith("/api-docs")
+  ) {
+    return next();
+  }
+
+  // Serve the web app index.html for all other routes (client-side routing)
+  res.sendFile(path.join(webDistPath, "index.html"));
+});
+
 // ────────────────────────────────────────────────────────────────────────────
 // Error Handlers
 // ────────────────────────────────────────────────────────────────────────────
@@ -268,17 +376,21 @@ async function startServer() {
     logger.info("Verifying database connection...");
     await verifyDatabaseConnection();
 
-    // Start the HTTP server
-    const server = app.listen(env.PORT, () => {
+    // Start the HTTP server - bind to all interfaces for LAN access
+    const server = app.listen(env.PORT, "0.0.0.0", () => {
       logger.info(`🚀 Server started successfully`);
       logger.info(`   Environment: ${env.NODE_ENV}`);
       logger.info(`   Port: ${env.PORT}`);
+      logger.info(`   Web App: http://localhost:${env.PORT}`);
       logger.info(`   API: http://localhost:${env.PORT}/api/v1`);
       logger.info(`   Docs: http://localhost:${env.PORT}/api-docs`);
       logger.info(`   Health: http://localhost:${env.PORT}/health`);
       logger.info(`   Metrics: http://localhost:${env.PORT}/metrics`);
       logger.info(`   WebSocket: ws://localhost:${env.PORT}/ws`);
       logger.info(`   CSRF Protection: Enabled`);
+      logger.info(
+        `   🌐 Server is accessible on LAN - check your local IP address`
+      );
     });
 
     // Initialize WebSocket server

apps/api/src/routes/media/media.service.ts

@@ -393,6 +393,9 @@ export class MediaService {
   private addStreamingUrls(media: any): any {
     if (!media) return media;
 
+    // Convert BigInt fields to strings to prevent serialization errors
+    this.convertBigIntToString(media);
+
     // Add streaming URL for movies
     if (media.movie && media.movie.filePath) {
       media.movie.streamUrl = `${API_BASE_URL}/api/media/stream/movie/${media.id}`;
@@ -420,6 +423,21 @@ export class MediaService {
   private addStreamingUrlsToArray(mediaArray: any[]): any[] {
     return mediaArray.map((media) => this.addStreamingUrls(media));
   }
+
+  /**
+   * Convert BigInt fields to strings recursively
+   */
+  private convertBigIntToString(obj: any): void {
+    if (!obj || typeof obj !== "object") return;
+
+    for (const key in obj) {
+      if (typeof obj[key] === "bigint") {
+        obj[key] = obj[key].toString();
+      } else if (typeof obj[key] === "object" && obj[key] !== null) {
+        this.convertBigIntToString(obj[key]);
+      }
+    }
+  }
 }
 
 // Export singleton instance