attune/work-summary/sessions/2026-01-20-cors-fix-user-reset.md
2026-02-04 17:46:30 -06:00

Work Summary: CORS Fix and Test User Reset

Date: 2026-01-20
Session Type: Bug Fix & User Management

Issues Addressed

1. Forgot Test User Credentials

  • User forgot the username/password for the local testing instance
  • No existing script to reset or create test users

2. CORS Error on Login

  • Frontend making requests to http://localhost:8080/auth/login
  • CORS policy blocking cross-origin requests from localhost:3000 to localhost:8080
  • Configuration not using Vite proxy correctly

Solutions Implemented

1. Test User Management Script

Created: scripts/create_test_user.sh

Features:

  • Creates or resets admin user with default credentials (login: admin, password: admin)
  • Supports custom credentials via command-line arguments
  • Uses Argon2id password hashing
  • Fallback to pre-generated hash for 'admin' password
  • Environment variable support for database connection

Usage:

# Create/reset default admin user
./scripts/create_test_user.sh

# Create custom user
./scripts/create_test_user.sh myuser mypassword "My Name"

Test Credentials:

  • Login: admin
  • Password: admin

2. CORS Configuration Fix

Problem:

  • Frontend configured to make direct requests to localhost:8080
  • Not utilizing Vite's proxy configuration
  • WITH_CREDENTIALS set to false

Changes Made:

File: web/src/lib/api-config.ts

  • Changed API_BASE_URL from "http://localhost:8080" to "" (empty string)
    • This makes requests relative to current origin (uses Vite proxy)
  • Changed WITH_CREDENTIALS from false to true
    • Enables proper credential handling for CORS

// Before
const API_BASE_URL = import.meta.env.VITE_API_BASE_URL || "http://localhost:8080";
OpenAPI.WITH_CREDENTIALS = false;

// After
const API_BASE_URL = import.meta.env.VITE_API_BASE_URL || "";
OpenAPI.WITH_CREDENTIALS = true;

File: web/vite.config.ts

  • Added /auth route to proxy configuration
    • Previously only /api routes were proxied

proxy: {
  "/api": {
    target: "http://localhost:8080",
    changeOrigin: true,
  },
  "/auth": {
    target: "http://localhost:8080",
    changeOrigin: true,
  },
}
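
With API_BASE_URL empty, every backend path has to match a proxy key, otherwise the Vite dev server answers the request itself. The following added example (not code from the project) models the proxy's key matching, a plain prefix or a RegExp when the key starts with ^, to check which paths get forwarded; resolveProxy, unproxiedPaths and the sample path list are hypothetical names and constructed data.

```typescript
// Added example: models how the Vite dev-server proxy selects a rule for a path.
type ProxyRules = Record<string, { target: string; changeOrigin?: boolean }>;

// Rules from web/vite.config.ts after the fix.
const proxyAfterFix: ProxyRules = {
  "/api": { target: "http://localhost:8080", changeOrigin: true },
  "/auth": { target: "http://localhost:8080", changeOrigin: true },
};

// Rules before the fix: only /api was proxied.
const proxyBeforeFix: ProxyRules = {
  "/api": { target: "http://localhost:8080", changeOrigin: true },
};

// Returns the backend URL a path is forwarded to, or null when no rule
// matches and the dev server handles the request itself.
function resolveProxy(rules: ProxyRules, path: string): string | null {
  for (const [context, rule] of Object.entries(rules)) {
    const matches = context.startsWith("^")
      ? new RegExp(context).test(path) // key starting with ^ is a RegExp
      : path.startsWith(context);      // otherwise a plain prefix match
    if (matches) return rule.target + path;
  }
  return null;
}

// Lists the request paths that no proxy rule covers.
function unproxiedPaths(rules: ProxyRules, paths: string[]): string[] {
  return paths.filter((p) => resolveProxy(rules, p) === null);
}

// Constructed sample of request paths; only /auth/login appears on this page.
const frontendPaths = ["/auth/login", "/api/v1/example", "/assets/app.js"];

console.log("before fix, not proxied:", unproxiedPaths(proxyBeforeFix, frontendPaths));
console.log("after fix, not proxied: ", unproxiedPaths(proxyAfterFix, frontendPaths));
// Prefix matching is broad: a frontend route such as /authors also matches "/auth".
console.log("/authors ->", resolveProxy(proxyAfterFix, "/authors"));
```

Because the match is a prefix, a key such as "^/auth/" keeps unrelated frontend routes that merely start with the same letters from being forwarded to the backend.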

3. Documentation

Created: web/CORS-TROUBLESHOOTING.md

Comprehensive guide covering:

  • Architecture overview (proxy-based development)
  • Current configuration details
  • Common CORS issues and solutions
  • Testing procedures
  • Development workflow
  • Environment variables reference
  • Quick fix checklist

Architecture Explanation

Development Request Flow

Browser (localhost:3000) → Vite Dev Server (proxy) → API Server (localhost:8080)

Why this works:

  • The browser sends all requests to localhost:3000, the page's own origin (same origin)
  • Vite proxy forwards /api/* and /auth/* to backend
  • No CORS issues because browser sees same-origin requests
  • Backend CORS is still configured for direct access if needed

Backend CORS Configuration

File: crates/api/src/middleware/cors.rs

Default allowed origins:

  • http://localhost:3000 (Vite default)
  • http://localhost:5173 (Vite alternative)
  • http://localhost:8080 (API direct access)
  • Plus 127.0.0.1 variants

Settings:

  • Credentials: Enabled
  • Methods: GET, POST, PUT, DELETE, PATCH, OPTIONS
  • Headers: Authorization, Content-Type, Accept
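
The decision a credentialed allowlist like this has to make on each preflight, as an added TypeScript example (the project's middleware is Rust and its code is not shown on this page). Function names are hypothetical and the 127.0.0.1 ports are an assumption, since the page only says "127.0.0.1 variants".

```typescript
// Added example: preflight evaluation for an origin allowlist with credentials.
const ALLOWED_ORIGINS = new Set<string>([
  "http://localhost:3000", "http://localhost:5173", "http://localhost:8080",
  // Assumed ports for the "127.0.0.1 variants" mentioned above.
  "http://127.0.0.1:3000", "http://127.0.0.1:5173", "http://127.0.0.1:8080",
]);
const ALLOWED_METHODS = ["GET", "POST", "PUT", "DELETE", "PATCH", "OPTIONS"];
const ALLOWED_HEADERS = ["authorization", "content-type", "accept"];

interface Preflight {
  origin: string | null; // Origin request header, null when absent
  method: string;        // Access-Control-Request-Method
  headers: string[];     // Access-Control-Request-Headers, already split
}

// Returns the CORS response headers, or null when none are sent and the
// browser therefore blocks the cross-origin call.
function corsHeaders(req: Preflight): Record<string, string> | null {
  const origin = req.origin;
  // Exact match on scheme://host:port; no prefix, suffix or regex tests.
  if (origin === null || !ALLOWED_ORIGINS.has(origin)) return null;
  if (!ALLOWED_METHODS.includes(req.method.toUpperCase())) return null;
  const wanted = req.headers.map((h) => h.trim().toLowerCase());
  if (!wanted.every((h) => ALLOWED_HEADERS.includes(h))) return null;
  return {
    // With credentials enabled browsers reject "*", so echo the matched origin.
    "Access-Control-Allow-Origin": origin,
    "Access-Control-Allow-Credentials": "true",
    "Access-Control-Allow-Methods": ALLOWED_METHODS.join(", "),
    "Access-Control-Allow-Headers": ALLOWED_HEADERS.join(", "),
    // The response differs per origin, so caches must key on it.
    "Vary": "Origin",
  };
}

// Convenience wrapper: is this origin/method/header combination accepted?
function isAllowed(origin: string | null, method = "POST",
                   headers: string[] = ["Content-Type"]): boolean {
  return corsHeaders({ origin, method, headers }) !== null;
}

console.log(isAllowed("http://localhost:3000"));              // listed origin
console.log(isAllowed("http://localhost:3000.example.test")); // lookalike host
console.log(isAllowed("https://localhost:3000"));             // scheme differs
```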

Testing

Test User Created Successfully

$ ./scripts/create_test_user.sh
[INFO] Attune Test User Setup
[INFO] ======================
[INFO] Database: attune
[INFO] Host: localhost:5432

[INFO] Creating new user 'admin'...
INSERT 0 1
[INFO] User 'admin' created successfully!

[INFO] ======================================
[INFO] Test User Credentials:
[INFO]   Login:    admin
[INFO]   Password: admin
[INFO] ======================================

Verified in database:

SELECT id, login, display_name, created FROM attune.identity WHERE login='admin';
-- id | login | display_name  | created
--  2 | admin | Administrator | 2026-01-20 19:34:03

Next Steps

  1. Test the CORS fix:

    • Restart frontend dev server (cd web && npm run dev)
    • Browser DevTools Network tab should show requests to localhost:3000
    • Login should work without CORS errors
  2. Verify login flow:

    curl -X POST http://localhost:3000/auth/login \
      -H 'Content-Type: application/json' \
      -d '{"login":"admin","password":"admin"}'
    
  3. If still having issues:

    • Check browser console for request URLs
    • Verify Vite dev server is running on port 3000
    • Review web/CORS-TROUBLESHOOTING.md checklist

Files Created/Modified

Created:

  • scripts/create_test_user.sh - User management script
  • web/CORS-TROUBLESHOOTING.md - Comprehensive CORS guide

Modified:

  • web/src/lib/api-config.ts - Fixed API base URL and credentials
  • web/vite.config.ts - Added /auth proxy route

Impact

Immediate:

  • Test user credentials now available (admin/admin)
  • Script to reset/create users anytime
  • CORS errors should be resolved

Long-term:

  • Better development experience with proxy
  • Production-ready architecture (reverse proxy pattern)
  • Documentation for troubleshooting

Notes

  • Frontend dev server must be restarted to pick up Vite config changes
  • The create_test_user.sh script is now the standard way to manage test users
  • CORS configuration supports both proxy and direct access patterns
  • Production deployments should use a reverse proxy (nginx/caddy) for the same pattern