fix cors on local (#1234)

areibman · web-flow · commit 68fba2b2d2c1 · 2025-08-29T14:54:49.000-07:00
diff --git a/app/README.md b/app/README.md
@@ -296,6 +296,24 @@ AgentOps requires several external services. Here's how to set them up:
 
 ### Supabase (Required)
 
+**Option A: Local Development (Recommended)**
+
+1. Install Supabase CLI: `brew install supabase/tap/supabase` (or see [docs](https://supabase.com/docs/guides/cli))
+2. Initialize and start Supabase locally:
+   ```bash
+   cd app  # Make sure you're in the app directory
+   supabase init
+   supabase start
+   ```
+3. The local Supabase will provide connection details. Update your `.env` files with:
+   ```
+   SUPABASE_URL=http://127.0.0.1:54321
+   SUPABASE_KEY=<anon-key-from-supabase-start-output>
+   ```
+4. Run migrations: `supabase db push`
+
+**Option B: Cloud Supabase**
+
 1. Create a new project at [supabase.com](https://supabase.com)
 2. Go to Settings → API to get your keys
 3. Update your `.env` files with:
@@ -319,7 +337,25 @@ AgentOps requires several external services. Here's how to set them up:
 ### PostgreSQL (Required)
 
 Configure direct PostgreSQL connection:
-1. Use your Supabase PostgreSQL connection details
+
+**For Local Supabase:**
+```
+POSTGRES_HOST=127.0.0.1
+POSTGRES_PORT=54322  # Note: Different port than Supabase API
+POSTGRES_USER=postgres
+POSTGRES_PASSWORD=postgres
+POSTGRES_DATABASE=postgres
+
+# Also add these for SQLAlchemy connections:
+SUPABASE_HOST=127.0.0.1
+SUPABASE_PORT=54322
+SUPABASE_USER=postgres
+SUPABASE_PASSWORD=postgres
+SUPABASE_DATABASE=postgres
+```
+
+**For Cloud Supabase:**
+1. Use your Supabase PostgreSQL connection details from Settings → Database
 2. Update your `.env` files with:
    ```
    POSTGRES_HOST=your-supabase-host
@@ -391,6 +427,51 @@ bun run lint
 bun run format
 ```
 
+## 🔍 Troubleshooting
+
+### Authentication Issues
+
+**Problem: Login succeeds but immediately redirects back to login page**
+
+This is usually caused by cookie configuration issues between the frontend and backend.
+
+**Solutions:**
+
+1. **Check your environment URLs**: Ensure `NEXT_PUBLIC_API_URL` in dashboard points to your API server:
+   ```bash
+   # dashboard/.env.local
+   NEXT_PUBLIC_API_URL=http://localhost:8000  # For local development
+   ```
+
+2. **Verify JWT secret**: Make sure `JWT_SECRET_KEY` is set in your API `.env`:
+   ```bash
+   # api/.env
+   JWT_SECRET_KEY=your-secret-key-at-least-32-chars
+   ```
+
+3. **For local development with different ports**: The API automatically adjusts cookie settings for localhost. No manual configuration needed.
+
+4. **For production or custom domains**: Ensure your API and dashboard share the same root domain for cookies to work.
+
+### Database Connection Issues
+
+**Problem: SQLAlchemy connection errors**
+
+Ensure all Supabase database variables are set in `api/.env`:
+```bash
+SUPABASE_HOST=127.0.0.1      # For local Supabase
+SUPABASE_PORT=54322          # Note: Different from API port
+SUPABASE_USER=postgres
+SUPABASE_PASSWORD=postgres
+SUPABASE_DATABASE=postgres
+```
+
+### Supabase Seed Data Issues
+
+**Problem: Duplicate key or missing table errors during `supabase start`**
+
+The seed.sql file may have issues. You can temporarily comment out problematic inserts or check if migrations are missing.
+
 ## 📦 Production Deployment
 
 ### Using Docker Compose
diff --git a/app/api/agentops/app.py b/app/api/agentops/app.py
@@ -9,6 +9,7 @@
 """
 
 from fastapi import FastAPI
+from fastapi.middleware.cors import CORSMiddleware
 import sentry_sdk
 
 from agentops.api.log_config import logger
@@ -41,6 +42,17 @@
 logger.info("⚡️FastAPI app initialized")
 logger.info(f"Docs available at: {app.docs_url}" if app.docs_url else "Docs disabled")
 
+# Add CORS middleware for local development
+if "localhost" in API_DOMAIN or "127.0.0.1" in API_DOMAIN:
+    app.add_middleware(
+        CORSMiddleware,
+        allow_origins=["http://localhost:3000", "http://127.0.0.1:3000"],
+        allow_credentials=True,
+        allow_methods=["*"],
+        allow_headers=["*"],
+    )
+    logger.info("CORS middleware enabled for local development")
+
 # Configure the mounted apps
 # TODO this is redundant, but it's just for docs
 mounted_apps = {
diff --git a/app/api/agentops/auth/views.py b/app/api/agentops/auth/views.py
@@ -305,7 +305,10 @@ def _create_session_for_response(response: Response, access_token: str) -> Respo
     cookie_value = _encode_session_cookie(session)
 
     cookie_domain = _get_api_domain()
+    # Use secure cookies only with HTTPS
     cookie_secure = 'https' in API_URL
+    # Use 'lax' for HTTP (development) to allow cross-origin requests, 'strict' for HTTPS (production)
+    cookie_samesite = "lax" if not cookie_secure else "strict"
 
     response.set_cookie(
         key=AUTH_COOKIE_NAME,
@@ -314,7 +317,7 @@ def _create_session_for_response(response: Response, access_token: str) -> Respo
         secure=cookie_secure,  # only send over https in production
         domain=cookie_domain,  # set cookie for the api domain
         max_age=AUTH_COOKIE_EXPIRY,
-        samesite="strict",
+        samesite=cookie_samesite,
         path="/",  # valid across all paths
     )
 
diff --git a/app/api/uv.lock b/app/api/uv.lock
diff --git a/app/supabase/seed.sql b/app/supabase/seed.sql
@@ -112,14 +112,15 @@ INSERT INTO public.user_orgs (
   'owner'
 );
 
-INSERT INTO public.user_orgs (
-  user_id, org_id, user_email, role
-) VALUES (
-  'e043e8e0-504d-4e80-83ee-c42c47c63d8b',
-  'c0000000-0000-0000-0000-000000000000',
-  'test@agentops.ai',
-  'business_user'
-);
+-- Commented out duplicate key constraint
+-- INSERT INTO public.user_orgs (
+--   user_id, org_id, user_email, role
+-- ) VALUES (
+--   'e043e8e0-504d-4e80-83ee-c42c47c63d8b',
+--   'c0000000-0000-0000-0000-000000000000',
+--   'test@agentops.ai',
+--   'business_user'
+-- );
 
 INSERT INTO public.projects (
   id, 
@@ -232,17 +233,18 @@ INSERT INTO public.errors (
   '2024-03-06 11:15:13.761+00'
 );
 
-INSERT INTO public.deployments (
-  id, project_id, created_at, shutdown_time, image_id, is_active, build_log
-) VALUES (
-  'd1e1f9df-8980-4afc-9041-2e116dc7ad0e',
-  '0e2bf9df-8980-4afc-9041-2e116dc7ad0e',
-  '2024-03-05T21:16:00Z',
-  NULL,
-  'img-123',
-  TRUE,
-  NULL
-);
+-- Temporarily disabled: deployments table
+-- INSERT INTO public.deployments (
+--   id, project_id, created_at, shutdown_time, image_id, is_active, build_log
+-- ) VALUES (
+--   'd1e1f9df-8980-4afc-9041-2e116dc7ad0e',
+--   '0e2bf9df-8980-4afc-9041-2e116dc7ad0e',
+--   '2024-03-05T21:16:00Z',
+--   NULL,
+--   'img-123',
+--   TRUE,
+--   NULL
+-- );
 
 INSERT INTO public.spans (
   id, session_id, agent_id, trace_id, span_id, parent_span_id, name, kind, start_time, end_time, attributes, span_type
