Add React deps, bunfig config, and API proxy (#27)

Ember-Moth · web-flow · commit 52248266d62f · 2026-03-12T18:45:09.000+08:00
diff --git a/apps/admin/package.json b/apps/admin/package.json
@@ -14,6 +14,8 @@
   },
   "dependencies": {
     "@faker-js/faker": "^10.0.0",
+    "react": "^19.2.0",
+    "react-dom": "^19.2.0",
     "@lottiefiles/dotlottie-react": "^0.17.7",
     "@noble/curves": "^2.0.1",
     "@stripe/react-stripe-js": "^5.4.0",
diff --git a/apps/user/package.json b/apps/user/package.json
@@ -14,6 +14,8 @@
   },
   "dependencies": {
     "@faker-js/faker": "^10.0.0",
+    "react": "^19.2.0",
+    "react-dom": "^19.2.0",
     "@lottiefiles/dotlottie-react": "^0.17.7",
     "@stripe/react-stripe-js": "^5.4.0",
     "@stripe/stripe-js": "^8.5.2",
diff --git a/bunfig.toml b/bunfig.toml
@@ -0,0 +1,5 @@
+[install]
+# Use hoisted (flat) node_modules layout instead of isolated installs.
+# This ensures Vite/Rollup can resolve dependencies correctly in CI environments
+# such as Cloudflare Pages.
+linker = "hoisted"
diff --git a/functions/v1/[[path]].ts b/functions/v1/[[path]].ts
@@ -0,0 +1,63 @@
+interface Env {
+  API_BASE_URL: string;
+}
+
+export const onRequest: PagesFunction<Env> = async (context) => {
+  const { request, env } = context;
+
+  const apiBase = (env.API_BASE_URL || "https://api.ppanel.dev").replace(
+    /\/$/,
+    "",
+  );
+
+  const url = new URL(request.url);
+  const targetUrl = `${apiBase}${url.pathname}${url.search}`;
+
+  const headers = new Headers(request.headers);
+  headers.set("Host", new URL(apiBase).host);
+  headers.delete("cf-connecting-ip");
+  headers.delete("cf-ipcountry");
+  headers.delete("cf-ray");
+  headers.delete("cf-visitor");
+
+  const init: RequestInit = {
+    method: request.method,
+    headers,
+    redirect: "follow",
+  };
+
+  if (
+    request.method !== "GET" &&
+    request.method !== "HEAD" &&
+    request.body !== null
+  ) {
+    init.body = request.body;
+  }
+
+  const response = await fetch(targetUrl, init);
+
+  const responseHeaders = new Headers(response.headers);
+  responseHeaders.delete("set-cookie");
+  responseHeaders.set("Access-Control-Allow-Origin", url.origin);
+  responseHeaders.set(
+    "Access-Control-Allow-Methods",
+    "GET, POST, PUT, DELETE, PATCH, OPTIONS",
+  );
+  responseHeaders.set(
+    "Access-Control-Allow-Headers",
+    "Content-Type, Authorization",
+  );
+
+  if (request.method === "OPTIONS") {
+    return new Response(null, {
+      status: 204,
+      headers: responseHeaders,
+    });
+  }
+
+  return new Response(response.body, {
+    status: response.status,
+    statusText: response.statusText,
+    headers: responseHeaders,
+  });
+};
