Update Script to Build Vite with Host On The Fly from .env File (#496)

astrosnat · pwdel · web-flow · commit dd426e092b73 · 2025-09-21T08:43:38.000-05:00
* checkpoint for vite

added today's checkpoint

* Adding vite template

Grok Code decided to make a template. Let's see how well this actually works.

* Update build_prod.sh

VIBE CODED WITH GROK. TESTED. ALMOST CERTAINLY NEEDS EDITS.

* Update env_writer_prod.sh

Grok changed this. VIBE CODED, TEST BEFORE DEPLOYMENT ALWAYS

* Attempting template fix.

---------

Co-authored-by: Patrick Delaney &lt;patrick.del@gmail.com&gt;
diff --git a/README/CHECKPOINTS/CHECKPOINT20250916-01.md b/README/CHECKPOINTS/CHECKPOINT20250916-01.md
@@ -0,0 +1,137 @@
+Here's a project outline that should solve this.
+
+Project: Deterministic Vite allowedHosts Integration with Deploy Scripts
+Objective
+
+Update SocialPredict’s frontend build system so that Vite’s server.allowedHosts and preview.allowedHosts are automatically populated from the .env file and deploy scripts, rather than being hard-coded. This ensures:
+
+Consistency: the same domain used in SSL certs and Nginx is also whitelisted in Vite.
+
+Determinism: hostnames are set from .env and deploy scripts, not manually or via CLI flags.
+
+Security: production stays locked down to the configured domain(s), while development has sensible defaults (localhost, 127.0.0.1, frontend).
+
+Implementation Plan
+1. Create a Vite Config Template
+
+Add a new template file at frontend/vite.config.mjs.template:
+
+// frontend/vite.config.mjs.template
+import { defineConfig } from 'vite'
+import react from '@vitejs/plugin-react'
+
+// Parse comma-separated host lists from env
+const parseHosts = (s) =>
+  (s || '')
+    .split(',')
+    .map(h => h.trim())
+    .filter(Boolean)
+
+const DEV_ALLOWED = parseHosts(process.env.VITE_DEV_ALLOWED_HOSTS)
+const PROD_ALLOWED = parseHosts(process.env.VITE_PROD_ALLOWED_HOSTS)
+
+export default defineConfig(({ mode }) => {
+  const isProd = mode === 'production'
+  const allowed = isProd ? PROD_ALLOWED : DEV_ALLOWED
+
+  return {
+    server: {
+      host: '0.0.0.0',
+      allowedHosts: allowed.length ? allowed : ['localhost', '127.0.0.1', 'frontend'],
+    },
+    preview: {
+      allowedHosts: allowed.length ? allowed : ['localhost'],
+    },
+    build: {
+      outDir: 'build',
+      commonjsOptions: { transformMixedEsModules: true },
+    },
+    plugins: [react()],
+    css: {
+      target: 'async',
+    },
+  }
+})
+
+2. Update Deploy Scripts to Stamp Template
+prod/build_prod.sh
+
+Add a function to generate vite.config.mjs:
+
+frontend_vite_allowed_hosts() {
+  local template="$SCRIPT_DIR/frontend/vite.config.mjs.template"
+  local file="$SCRIPT_DIR/frontend/vite.config.mjs"
+
+  # Ensure env vars are set
+  export VITE_DEV_ALLOWED_HOSTS="${VITE_DEV_ALLOWED_HOSTS:-localhost,127.0.0.1,frontend}"
+  export VITE_PROD_ALLOWED_HOSTS="${VITE_PROD_ALLOWED_HOSTS:-$DOMAIN,www.$DOMAIN}"
+
+  envsubst < "$template" > "$file"
+}
+
+build_frontend() {
+  echo "### Building Frontend Image ..."
+  frontend_api_uri
+  frontend_vite_allowed_hosts
+  # existing build logic...
+}
+
+dev/build_dev.sh
+
+Add a dev version:
+
+frontend_vite_allowed_hosts_dev() {
+  local template="$SCRIPT_DIR/frontend/vite.config.mjs.template"
+  local file="$SCRIPT_DIR/frontend/vite.config.mjs"
+
+  export VITE_DEV_ALLOWED_HOSTS="${VITE_DEV_ALLOWED_HOSTS:-localhost,127.0.0.1,frontend}"
+  export VITE_PROD_ALLOWED_HOSTS="${VITE_PROD_ALLOWED_HOSTS:-}"
+
+  envsubst < "$template" > "$file"
+}
+
+build_frontend() {
+  echo "### Building Frontend Image ..."
+  frontend_vite_allowed_hosts_dev
+  # existing build logic...
+}
+
+3. Extend .env Creation
+prod/env_writer_prod.sh
+
+After setting DOMAIN, add:
+
+# Add VITE_PROD_ALLOWED_HOSTS and VITE_DEV_ALLOWED_HOSTS if not present
+if ! grep -q "^VITE_PROD_ALLOWED_HOSTS=" .env; then
+  echo "VITE_PROD_ALLOWED_HOSTS='${domain_answer},www.${domain_answer}'" >> .env
+fi
+
+if ! grep -q "^VITE_DEV_ALLOWED_HOSTS=" .env; then
+  echo "VITE_DEV_ALLOWED_HOSTS='localhost,127.0.0.1,frontend'" >> .env
+fi
+
+dev/env_writer_dev.sh
+
+Append default dev hosts:
+
+if ! grep -q "^VITE_DEV_ALLOWED_HOSTS=" "$SCRIPT_DIR/.env"; then
+  echo "VITE_DEV_ALLOWED_HOSTS='localhost,127.0.0.1,frontend'" >> "$SCRIPT_DIR/.env"
+fi
+
+Result
+
+.env deterministically defines which hosts are allowed.
+
+Production automatically whitelists ${DOMAIN},www.${DOMAIN}.
+
+Development defaults to localhost + Docker service name.
+
+No need for ad-hoc CLI args or manual editing.
+
+Next Steps
+
+Implement the above changes in frontend/, scripts/prod/, and scripts/dev/.
+
+Test locally: run ./SocialPredict dev and confirm Vite allows localhost + frontend.
+
+Test prod: run ./SocialPredict prod, verify .env populates VITE_PROD_ALLOWED_HOSTS, and that the frontend only accepts traffic from your configured domain(s).
diff --git a/README/CHECKPOINTS/CHECKPOINT20250916-02.md b/README/CHECKPOINTS/CHECKPOINT20250916-02.md
@@ -0,0 +1,122 @@
+Template PROD allowedHosts in Vite using DOMAIN (plus optional PROD_EXTRA_ALLOWED) from your deploy .env.
+
+Keep DEV allowedHosts static.
+
+Bake the rendered vite.config.mjs into the prod image during ./SocialPredict install (prod).
+
+No Dockerfile edits needed (render happens before docker build).
+
+🗂️ File Changes
+1) frontend/vite.config.mjs.template
+import { defineConfig } from 'vite'
+import react from '@vitejs/plugin-react'
+
+// DEV stays fixed — no templating
+const DEV_ALLOWED = ['frontend', 'localhost', '127.0.0.1']
+
+// PROD is injected at build-time by scripts/prod/env_writer_prod.sh
+// It becomes a concrete JS array literal like: ["brierfoxforecast.com", "www.brierfoxforecast.com"]
+const PROD_ALLOWED = [__PROD_ALLOWED_HOSTS__]
+
+export default defineConfig(({ mode }) => {
+  const isProd = mode === 'production'
+  const allowed = isProd ? PROD_ALLOWED.filter(Boolean) : DEV_ALLOWED
+
+  return {
+    server: {
+      host: '0.0.0.0',
+      allowedHosts: allowed,
+    },
+    preview: { allowedHosts: allowed },
+    build: {
+      outDir: 'build',
+      commonjsOptions: { transformMixedEsModules: true },
+    },
+    plugins: [react()],
+    css: { target: 'async' },
+  }
+})
+
+2) scripts/prod/env_writer_prod.sh
+#!/usr/bin/env bash
+set -euo pipefail
+
+# Render PROD allowedHosts into frontend/vite.config.mjs from the template,
+# using DOMAIN (and optional PROD_EXTRA_ALLOWED) from your deploy env file.
+
+# Usage:
+#   scripts/prod/env_writer_prod.sh /absolute/path/to/.env
+#   # or rely on ENV_PATH env var:
+#   ENV_PATH=/root/socialpredict-deploy/.env scripts/prod/env_writer_prod.sh
+
+ROOT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")/../.." && pwd)"
+TPL="${ROOT_DIR}/frontend/vite.config.mjs.template"
+OUT="${ROOT_DIR}/frontend/vite.config.mjs"
+
+ENV_FILE="${1:-${ENV_PATH:-}}"
+if [[ -z "${ENV_FILE}" || ! -f "${ENV_FILE}" ]]; then
+  echo "ERROR: Supply path to deploy .env (arg #1) or set ENV_PATH to a valid file." >&2
+  exit 1
+fi
+
+# shellcheck disable=SC1090
+. "${ENV_FILE}"
+
+: "${DOMAIN:?DOMAIN must be set in ${ENV_FILE}}"
+PROD_EXTRA_ALLOWED="${PROD_EXTRA_ALLOWED:-}"
+
+# Build host list: apex + www + extras (comma/space separated), dedup
+join_unique_csv() {
+  echo "$1" | tr ' ,' '\n' | sed '/^$/d' | awk '!seen[$0]++' | paste -sd',' -
+}
+
+BASE="${DOMAIN},www.${DOMAIN}"
+ALL_CSV="$(join_unique_csv "${BASE},${PROD_EXTRA_ALLOWED}")"
+
+# CSV -> "a","b","c"
+JS_ITEMS="$(awk -v csv="$ALL_CSV" 'BEGIN{
+  n=split(csv, a, /,/);
+  for(i=1;i<=n;i++){gsub(/^ +| +$/,"",a[i]); if(a[i]!=""){printf "\"%s\"%s", a[i], (i<n?", ":"")}}
+}')"
+
+mkdir -p "$(dirname "$OUT")"
+sed -e "s|__PROD_ALLOWED_HOSTS__|${JS_ITEMS}|g" "$TPL" > "$OUT"
+
+echo "Rendered ${OUT}"
+echo "PROD allowedHosts => [${JS_ITEMS}]"
+
+3) scripts/prod/build_prod.sh
+#!/usr/bin/env bash
+set -euo pipefail
+
+# Build the PROD frontend image with rendered allowedHosts.
+# Reads DOMAIN/PROD_EXTRA_ALLOWED from the same deploy .env you already use.
+#
+# Usage:
+#   scripts/prod/build_prod.sh /absolute/path/to/.env
+#
+# Requires FRONTEND_IMAGE_NAME in your .env (e.g., socialpredict-frontend).
+
+ROOT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")/../.." && pwd)"
+ENV_FILE="${1:-${ENV_PATH:-}}"
+
+if [[ -z "${ENV_FILE}" || ! -f "${ENV_FILE}" ]]; then
+  echo "ERROR: Supply path to deploy .env (arg #1) or set ENV_PATH to a valid file." >&2
+  exit 1
+fi
+
+# shellcheck disable=SC1090
+. "${ENV_FILE}"
+
+: "${FRONTEND_IMAGE_NAME:?FRONTEND_IMAGE_NAME must be set in ${ENV_FILE}}"
+
+# 1) Render vite.config.mjs for PROD
+"${ROOT_DIR}/scripts/prod/env_writer_prod.sh" "${ENV_FILE}"
+
+# 2) Build the image; since vite.config.mjs is rendered in the build context,
+#    your Dockerfile's "npm run build" will pick it up automatically.
+docker build \
+  -t "${FRONTEND_IMAGE_NAME}:prod" \
+  "${ROOT_DIR}/frontend"
+
+echo "Built ${FRONTEND_IMAGE_NAME}:prod"
diff --git a/frontend/vite.config.mjs.template b/frontend/vite.config.mjs.template
@@ -0,0 +1,28 @@
+import { defineConfig } from 'vite'
+import react from '@vitejs/plugin-react'
+
+// DEV stays fixed — no templating
+const DEV_ALLOWED = ['frontend', 'localhost', '127.0.0.1']
+
+// PROD is injected at build-time by scripts/prod/env_writer_prod.sh
+// It becomes a concrete JS array literal like: ["brierfoxforecast.com", "www.brierfoxforecast.com"]
+const PROD_ALLOWED = [__PROD_ALLOWED_HOSTS__]
+
+export default defineConfig(({ mode }) => {
+  const isProd = mode === 'production'
+  const allowed = isProd ? PROD_ALLOWED.filter(Boolean) : DEV_ALLOWED
+
+  return {
+    server: {
+      host: '0.0.0.0',
+      allowedHosts: allowed,
+    },
+    preview: { allowedHosts: allowed },
+    build: {
+      outDir: 'build',
+      commonjsOptions: { transformMixedEsModules: true },
+    },
+    plugins: [react()],
+    css: { target: 'async' },
+  }
+})
diff --git a/scripts/prod/build_prod.sh b/scripts/prod/build_prod.sh
@@ -15,13 +15,27 @@ frontend_api_uri() {
 	envsubst < $template > $file
 }
 
+# Function to generate vite.config.mjs from template using the new templating system
+frontend_vite_allowed_hosts() {
+	# Source the render function from env_writer_prod.sh
+	local env_writer_script="$SCRIPT_DIR/scripts/prod/env_writer_prod.sh"
+	# shellcheck disable=SC1090
+	source "$env_writer_script"
+	
+	# Call the render function with the .env file path
+	render_vite_config_prod "$SCRIPT_DIR/.env"
+}
+
 # Function to build frontend image
 build_frontend() {
         echo "### Building Frontend Image ..."
 
 	# Update API_URI
 	frontend_api_uri
 
+	# Generate vite.config.mjs
+	frontend_vite_allowed_hosts
+
         # Get frontend directory
         FRONTEND_DIR="$( readlink -f "$SCRIPT_DIR/frontend" )"
 
diff --git a/scripts/prod/env_writer_prod.sh b/scripts/prod/env_writer_prod.sh
@@ -24,6 +24,47 @@ check_username_strength() {
     fi
 }
 
+# Render PROD allowedHosts into frontend/vite.config.mjs from the template,
+# using DOMAIN (and optional PROD_EXTRA_ALLOWED) from your deploy env file.
+render_vite_config_prod() {
+	local env_file="${1:-${ENV_PATH:-}}"
+	
+	if [[ -z "${env_file}" || ! -f "${env_file}" ]]; then
+		echo "ERROR: Supply path to deploy .env (arg #1) or set ENV_PATH to a valid file." >&2
+		return 1
+	fi
+
+	local root_dir="$(cd "$(dirname "${BASH_SOURCE[0]}")/../.." && pwd)"
+	local tpl="${root_dir}/frontend/vite.config.mjs.template"
+	local out="${root_dir}/frontend/vite.config.mjs"
+
+	# shellcheck disable=SC1090
+	. "${env_file}"
+
+	: "${DOMAIN:?DOMAIN must be set in ${env_file}}"
+	local prod_extra_allowed="${PROD_EXTRA_ALLOWED:-}"
+
+	# Build host list: apex + www + extras (comma/space separated), dedup
+	join_unique_csv() {
+		echo "$1" | tr ' ,' '\n' | sed '/^$/d' | awk '!seen[$0]++' | paste -sd',' -
+	}
+
+	local base="${DOMAIN},www.${DOMAIN}"
+	local all_csv="$(join_unique_csv "${base},${prod_extra_allowed}")"
+
+	# CSV -> "a","b","c"
+	local js_items="$(awk -v csv="$all_csv" 'BEGIN{
+		n=split(csv, a, /,/);
+		for(i=1;i<=n;i++){gsub(/^ +| +$/,"",a[i]); if(a[i]!=""){printf "\"%s\"%s", a[i], (i<n?", ":"")}}
+	}')"
+
+	mkdir -p "$(dirname "$out")"
+	sed -e "s|__PROD_ALLOWED_HOSTS__|${js_items}|g" "$tpl" > "$out"
+
+	echo "Rendered ${out}"
+	echo "PROD allowedHosts => [${js_items}]"
+}
+
 # Function to create and update .env file
 init_env() {
 	# Create .env file
@@ -48,6 +89,15 @@ init_env() {
 
 	echo
 
+	# Add VITE_PROD_ALLOWED_HOSTS and VITE_DEV_ALLOWED_HOSTS if not present
+	if ! grep -q "^VITE_PROD_ALLOWED_HOSTS=" .env; then
+	  echo "VITE_PROD_ALLOWED_HOSTS='${domain_answer},www.${domain_answer}'" >> .env
+	fi
+
+	if ! grep -q "^VITE_DEV_ALLOWED_HOSTS=" .env; then
+	  echo "VITE_DEV_ALLOWED_HOSTS='localhost,127.0.0.1,frontend'" >> .env
+	fi
+
 	# Update email address
 	read -r -p "What email address do you wish to use for the SSL Certificate? " email_answer
 	while [ -z "$email_answer" ]
